Security Research

Domains, methodologies, write-ups and ongoing work

Research Areas

CRITICAL

Web Application Pentesting

OWASP Top 10 exploitation, injection flaws, broken authentication, IDOR, insecure deserialization, XXE and server-side vulnerabilities. Methodology covers black, grey and white box assessments.

  • SQL / NoSQL / LDAP / Command Injection
  • XSS · CSRF · SSRF · CORS Bypass
  • JWT Manipulation & Auth Bypass
  • File Upload Exploitation

HIGH

Android Application Security

Static and dynamic analysis of Android APKs. Identifying insecure data storage, exported activities, intent hijacking, hardcoded secrets, and bypassing certificate pinning and root detection.

  • APK Decompilation with jadx / apktool
  • Dynamic Analysis with Frida & Objection
  • SSL Pinning & Root Detection Bypass
  • Insecure Data Storage & IPC Analysis

HIGH

Buffer Overflow Exploitation

Stack-based buffer overflow research on OSCP-track machines. Covers fuzzing, EIP control, bad char analysis, JMP ESP identification and shellcode delivery using Python exploit scripts.

  • Fuzzing with custom Python scripts
  • mona.py for pattern offset & JMP ESP
  • Bad character detection & elimination
  • Shellcode generation with msfvenom

MEDIUM

API Security Testing

REST and GraphQL API assessment including broken object level authorization, mass assignment, rate limiting bypass, improper error handling and token leakage in API flows.

  • BOLA / BFLA / Excessive Data Exposure
  • Authentication Flaws & Token Attacks
  • Rate Limiting & Business Logic Flaws
  • GraphQL Introspection Attacks

MEDIUM

Network & OT Security

Host and network penetration testing including OT/ICS environments. Protocol analysis on industrial networks, SCADA system testing, firewall rule auditing and lateral movement chains.

  • Network Enumeration & Service Exploitation
  • OT/ICS Protocol Analysis
  • Active Directory Attack Paths
  • Lateral Movement & PrivEsc Chains

MEDIUM

Automation & Tooling

Building custom security automation tools in Python and Bash. Reconnaissance automation, payload generators, reporting scripts, and utility tools published as open source on GitHub.

  • Custom Recon Automation (Python)
  • Bash Scripting for Enumeration
  • Batch scripting for Windows targets
  • Open-source tool publishing

Pentest Methodology

01

Scoping & Authorization

Define engagement scope, rules of engagement, and obtain written authorization. All testing is 100% authorized before any action is taken.

02

Reconnaissance

Passive and active recon — OSINT, subdomain enumeration, port scanning, service fingerprinting and attack surface mapping.

03

Enumeration

Deep enumeration of discovered services, directories, user accounts, and exposed interfaces. Technology fingerprinting and version analysis.

04

Exploitation

Controlled, targeted exploitation of identified vulnerabilities. Proof-of-concept development with minimal impact to production systems.

05

Post-Exploitation

Privilege escalation, lateral movement simulation, data exfiltration PoC, and persistence demonstration within authorized scope.

06

Reporting

Comprehensive report with executive summary, technical findings, severity ratings, PoC evidence, and actionable remediation guidance.

100% Authorized. 100% Ethical.

I only perform security testing on systems I own or have explicit written authorization to test. Responsible disclosure is the standard — always.