Hello friend,

I'm a Senior Penetration Tester with more than eight years experience,
currently working for PSC Security in Melbourne/Australia. 
I'm also a researcher and publish regularly at my personal blog.
My main areas of expertise lie in infrastructure and web application
pentesting, proof of concept and exploit development in C (i.e. Windows rootkits), x64 Assembly, Python
and Bash, and I also do physical social engineering as part of Red Team projects, as well as all other stages.
I've successfully gone through:

- eLearnSecurity Web Application Penetration Testing Extreme - eWPTX/WAPTX
- SecurityTube Linux Assembly (x64) Expert - SLAE64
- ISC2 Associate CISSP
- Offensive Security Certified Professional - OSCP
- Completed training at BlackHat USA 2018 on Fuzzing for Vulnerabilities with Huntress Labs's Chris Bisnett and Kyle Hanslovan
- Completed training at OffensiveCon 2019 (Berlin/Germany) on Windows Kernel Rootkits with Bruce Dang

I've also contributed to the Exploit Database and Google Hacking Database with a few shellcodes
that were developed while I was writing some blog posts on my blog, for the
SecurityTube Linux Assembly (x64) Expert - SLAE64 exam assignments.

I'm looking forward to keep improving through challenging technical certifications and,
above all, spend time on research to improve stealth techniques in our Red Team enagements.

Senior Information Security Penetration Tester experience:
- Windows kernel debugging
- Developing custom shellcode x64
- AV bypass techniques
- XSS, SQLi, CSRF, Indirect object references, LFI, RFI, file uploads, and
other webapp testing while mostly using Burp Suite
- Scanning (nmap, nessus), metasploit, exploit alteration for specific
uses, and other infrastructure testing consistent with OSCP trainning
- Creating internal tools using a variety of languages: Python, C, BASH
script, x64 assembly
- WEP detection and cracking, WPA/WPA2 bruteforcing, WPA-Enterprise
Mitm attacks using patched freeradius server and other wireless
- Forensics: File system, memory, online, and offline analysis
- Reporting on vulnerabilities and recommendations for their mitigation
- Presenting at internal tech conferences.


Some of my blog posts:
- Polymorphic and smaller versions of three shell-storm‘s x64 shellcodes, including the smallest execve /bin/sh
- x64 Egg hunting in Linux systems
- Twofish Crypter with DNS (CName) password retrieval, x64 shellcode decryption, and execution
- JSgen.py — bind and reverse shell JS code generator for SSJI in Node.js with filter bypass encodings
- Bypassing CSRF tokens with Python‘s CGIHTTPServer to exploit SQLi