Medium Post
Secure Vibe Coding in 2026: The Files, Prompts and Rules of Use and Research
Writeups, research, and practical security notes from my Medium.
Read More →
WHOAMI
I build security automation, offensive tooling, and practical cloud defense workflows.
I’ll graduate from University of Maryland, College Park in May 2026, completing my Master’s in Cybersecurity and a Graduate Certificate in Cloud Engineering.
I’m looking for full-time Security Engineering, IR/SOC, or AppSec roles, and I’m open to relocating.
My work focuses on building and automating security systems, especially around log analysis, threat modeling, incident triage, and AI-assisted security workflows.
I also write technical blogs, contribute to open-source security tools, and build projects that simulate real-world attacks and defensive response.
6 CVEs
AI x AppSec x Cloud x D&R
whoami
I'll be graduating from the University of Maryland, College Park in May 2026, currently finishing my Master’s in Cybersecurity along with a Graduate Certificate in Cloud Engineering.
I'm actively looking for a full-time role in Security Engineering, IR/SOC Analyst, or AppSec roles, and I am open to relocating.
I focus more on builing and automating security Systems. A large part of my work involves automation and AI/LLM-assisted security workflows, especially for log analysis, threat modeling, and incident triaging.
I do write a lot of Blogs, building and contributing to open-source security tools, experimenting new AI/LLM, and work on projects that simulate real-world attacks and defensive response.
Let's stay in touch :)
Featured Projects
SOAR EDR Emulation
Emulating adversary techniques and automating D&R with LimaCharlie, Tines and Slack
Learn More →CloudSentinel
AI-powered AWS security scanner that chains misconfigurations into attack paths
Learn More →Featured Projects
SOAR EDR Emulation
Emulating adversary techniques and automating D&R with LimaCharlie, Tines and Slack
Automated DevSecOps pipeline: Secure CI/CD Deployment
An automated vulnerability scanning pipeline which involves Cloud, AI and Security Integration.
Obsidian sync from windows
PowerShell-based automation sets up your Obsidian vault to sync with a private GitHub repo
CVEs
CVE-2026-33624
Published
Parse Server - MFA recovery code single-use bypass via concurrent requests
An attacker who obtains a user's password and a single MFA recovery code can reuse that recovery code an unlimited number of times by sending concurrent login requests.
CVE-2026-33220
Published
Weblate - Weblate
JavaScript localization CDN add-on allows arbitrary local file read outside the repository
CVE-2026-33440
Published
Weblate - Weblate
Authenticated SSRF via redirect bypass of ALLOWED_ASSET_DOMAINS in screenshot URL uploads
CVE-2026-33171
Published
LFI in file dictionary fieldtype in Best Flat CMS 2026 - Statamic
In the file dictionary fieldtype, allowing authenticated Control Panel users to read arbitrary .json, .yaml, and .csv files from the server.
CVE-2025-46203
Published
Unifiedtransform v2.0 suffers from Broken Access
Control, allowing students/teachers to access
/students/edit/{id} and modify student records. Affects all v2.0 builds.
CVE-2025-46204
Published
Unifiedtransform v2.0 suffers from Broken Access
Control, allowing students/teachers to access
/course/edit/{id} and modify course data. Affects all v2.0 builds.
Honors & Involvement
Black Hat 2025
Scholarship winner / 1 of 8 global recipients
fwd:cloudsec 2025
Cloud security scholarship winner
Anthropic x UMD
Claude Builder Club Hackathon judge / Apr. 2026
Amazon x HackerOne CTF
Top 3 placement / Oct. 2025
HTB Season 8
Global Rank 144 / Jun.-Aug. 2025
Other CTF Placements
Boot-up Top 50 / Smiley Top 70 / Break The Syntax Top 40 / BSidesSF Top 5 / FTF Top 5%
CVEs
- Unifiedtransform v2.0 suffers from Broken Access Control, allowing
students/teachers to access
/students/edit/{id}and modify student records. Affects all v2.0 builds
- Unifiedtransform v2.0 suffers from Broken Access Control, allowing
students/teachers to access
/course/edit/{id}and modify course data. Affects all v2.0 builds
Certifications
CRTO
March 2026
GFACT
Feb 2026
BSCP
July 2025
SAA
April 2025
CDSA
March 2025
OSCP
July 2024
Google Cert
Sept 2023
eJPTv2
May 2023
CEH
Feb 2023
Certifications
GSEC
April 2026
CRTO
March 2026
GFACT
Feb 2026
BSCP
July 2025
SAA
April 2025
CDSA
March 2025
OSCP
July 2024
Google Cert
Sept 2023
eJPTv2
May 2023
CEH
Feb 2023
Publications
SQLI Attack: An Approach using ML and Hybrid Techniques
September 2023
📚 Publications
Original Research
- Enhancing OSINT Practices with Eye-Sint: A Multi-Module Intelligence Tool - October 2023
- SQLI Attack: An Approach using ML and Hybrid Techniques - September 2023
Latest from Medium
Medium Post
CRTO 2026 Review and Preparation Guide
Writeups, research, and practical security notes from my Medium.
Medium Post
CVE-2026-33171: Path Traversal in Statamic CMS
Writeups, research, and practical security notes from my Medium.