Security Researcher & Offensive Security Engineer
I operate as thatsmyspot55, focusing on offensive research, coordinated disclosure, and building repeatable processes for finding high-impact vulnerabilities before attackers do. My work blends deep application analysis, adversary simulation, and rapid proof-of-concept development to help teams close real-world gaps quickly.
Research Focus
🕵️♂️ Recon & Discovery
- Surface expansion mapping for large attack scopes
- Automated signal triage with custom tooling
- Credential & access workflow abuse analysis
💣 Exploit Development
- Proof-of-concept chains for logic flaws and injection paths
- Cloud control plane misconfiguration escalation
- Offensive tooling for repeatable exploitation
📡 Coordinated Disclosure
- Structured reporting packs with exploit replay scripts
- Threat modeling to contextualize business impact
- Playbook handoffs for blue teams and remediation squads
Recent Highlights
- Reported a chained OAuth misconfiguration that enabled full account takeover across a Fortune 100 SaaS platform; coordinated fix and regression detection scripts with defenders.
- Built a fuzzing harness that surfaced a pre-auth RCE in a managed container registry, earning top-tier recognition on multiple bug bounty leaderboards.
- Led a red-team style engagement for a fintech product launch, uncovering logic flaws in payment routing that exposed systemic financial risk.
Tooling Stack
Recon
- Nuclei
- Amass & custom asset graphing
- DNS tunneling analysis
Exploitation
- Burp Suite Pro automation
- Zig & Python payload tooling
- Browser-based exploit frameworks
Reporting
- Exploit replay scripts & demo videos
- MITRE ATT&CK mapping
- Risk narratives for exec briefings