Specializing in penetration testing, red team operations, and security research to help organizations identify and remediate critical vulnerabilities before adversaries do.
Technical writeups, research, and security insights
A comprehensive guide to understanding and exploiting privilege escalation vulnerabilities in Windows Active Directory environments, including practical examples and mitigation strategies.
Read more ā
A deep dive into techniques for evading endpoint detection and response solutions, including process injection, memory manipulation, and obfuscation methods used in real-world engagements.
Read more ā
Learn how attackers leverage trust relationships between domains to move laterally and escalate privileges across forest boundaries in complex enterprise environments.
Read more ā
Practical techniques for identifying and exploiting common AWS misconfigurations, including IAM policy abuse, S3 bucket enumeration, and Lambda function vulnerabilities.
Read more ā
Step-by-step guide to setting up a professional red team infrastructure including command and control servers, redirectors, payload hosting, and operational security considerations.
Read more ā
Exploring sophisticated web application vulnerabilities beyond OWASP Top 10, including business logic flaws, race conditions, and complex authentication bypass scenarios.
Read more ā
Building security through adversarial thinking
Iām an Offensive Security Engineer specializing in Red Team operations, with hands-on experience in security assessments, vulnerability exploitation, and web application penetration testing. I help organizations proactively identify, validate, and remediate security gaps before they can be abused by real-world attackers.
I believe that effective defense starts with understanding the attacker mindset. My approach combines offensive and defensive security practices with continuous learning, allowing me to uncover complex issues that go beyond surface-level findings. Iām driven by a strong passion for solving challenging security problems in an ever-evolving threat landscape.
Beyond technical work, Iām the founder of CyberwireZ, a Filipino cybersecurity community focused on collaboration and knowledge sharing. Through community building and security research, I strive to contribute to the growth of the local and global cybersecurity ecosystem while continuously sharpening my skills as a security professional.
Technical skills and methodologies I employ in security assessments
Selected engagements and security research projects
Conducted comprehensive internal and external penetration testing for a Fortune 500 financial services company. Identified critical vulnerabilities in their infrastructure, achieved domain compromise, and provided strategic remediation guidance.
Led a 6-week adversary simulation for a healthcare organization. Successfully bypassed EDR solutions, maintained persistence, and demonstrated the impact of a sophisticated threat actor through lateral movement and data exfiltration scenarios.
Performed in-depth security assessment of a multi-tenant SaaS application. Discovered authentication bypass, broken access controls, and business logic flaws that could lead to cross-tenant data access.
Evaluated AWS environment security for a technology startup. Identified misconfigured IAM policies, exposed S3 buckets, and privilege escalation paths. Delivered comprehensive cloud security architecture recommendations.
Researched and developed proof-of-concept exploits for zero-day vulnerabilities in enterprise software. Responsibly disclosed findings to affected vendors and received CVE assignments.
Developed open-source security tools for reconnaissance automation, vulnerability validation, and post-exploitation activities. Tools have been adopted by security professionals worldwide with 2,000+ GitHub stars.
Professional certifications and credentials
Certified Red Team Operator
Certified Penetration Testing Specialist
Certified Web Exploitation Specialist
Certified Red Team Analyst
APISEC Certified Practitioner
Huawei Certified ICT Associate - Artificial Intelligence
Interested in working together? Let's discuss your security needs