Projects & Writeups
Homelab builds, lab writeups, and security case studies. Methodology-first, sanitized, and honest — every entry documents how, not just what.
Securing a Multi-Tenant SaaS (TrueCreditIQ)
Authorized application-security assessment of a live production SaaS I own and operate: row-level security, OAuth, rate limiting, WAF tuning, and supply-chain review. OWASP-based methodology → findings → fixes.
Active Directory Attack & Defense Lab
Isolated homelab: Windows Domain Controller + clients + a Kali attacker. Enumeration, attack paths, and privilege escalation — documented with a network diagram and sanitized evidence.
Read the writeup (stub)
Web App Pentest — PortSwigger & Juice Shop
Working the OWASP Top 10 by vulnerability class in the PortSwigger Web Security Academy, plus a vulnerable-web-app target with Burp Suite. Each class becomes a short methodology writeup.
TryHackMe — Jr Penetration Tester Path
Selected rooms written up for methodology and learning (flags redacted, per platform rules). Focused on the offensive fundamentals that map to the pentest track.