Red teamer, pentester, bug bounty hunter and reverse engineer.
I don't just find vulns - I tear them apart to understand their core,
then automate the boring part and teach how they tick.
Wired differently (ASD Lvl 1) → the hyperfocus that dismantles complex
threats and turns them into writeups anyone can follow.
- 🔩 Break → Understand → Automate → Teach. Offensive technique, binary reversing and AppSec, always from the attacker's seat.
- 🎯 Always hunting. HTB / THM boxes, research on Bugcrowd · HackerOne · Intigriti · YesWeHack, sharpening on pwn.college, Crackmes.one, MalwareBazaar & DEFCON.
- 🧪 Real environments only. Isolated labs, working PoCs, detailed exploits - logs on the console, concrete proof, zero bullshit.
Real findings, real impact. The ledger:
| CVE / ID | Target | Class | Severity |
|---|---|---|---|
| CVE-2025-10230 | Samba | OS Command Injection (13 yrs hidden) | CVSS 10.0 🔴 |
| CVE-2026-23722 | WeGIA | Stored XSS → RCE / UI redressing | CVSS 9.1 🔴 |
| CVE-2025-67503 | WeGIA | Reflected XSS | CVSS 8.2 🟠 |
| NCUA VDP | 🇺🇸 U.S. Gov | Unauthenticated OS Command Injection | P1 🔴 |
| Digital Flanders | 🇧🇪 Belgium Gov | Blind XXE → Internal SSRF (Tomcat Manager) | High 🟠 |
| Samba CTDB | Samba | Buffer Overflow (InfiniBand wrapper) | Memory Corruption 🟠 |
6× U.S. Government Hall of Fame · 15 valid vulns · 93.75% accuracy
| 🇺🇸 Agency | Program |
|---|---|
| 🚀 NASA | National Aeronautics and Space Administration |
| 🏛️ U.S. Dept. of Commerce | Vulnerability Disclosure Program |
| 🎖️ Dept. of Veterans Affairs | Vulnerability Disclosure Program |
| 💳 NCUA | National Credit Union Administration |
| ♻️ EPA | Environmental Protection Agency |
| 🦅 U.S. Fish & Wildlife Service | Vulnerability Disclosure Program |
+ 🇧🇪 Digital Flanders (Belgium Gov) · achievements: Submission Shogun L3 · Bounty Bee L4 · Collaboration Crusader L1
Full trophy cabinet → bugcrowd.com/h/Tr0p
[recon] nmap · naabu · nuclei · ffuf · amass · httpx · subfinder
[exploitation] Burp Suite Pro · pwntools · Metasploit · sqlmap · mitmproxy
[reversing] IDA Pro · Ghidra · Radare2/Rizin · x64dbg · Frida · gdb-pwndbg
[ad / redteam] BloodHound · Impacket · CrackMapExec · Certipy · Rubeus · Havoc · Cobalt Strike
[cloud] AWS · Azure · GCP · Terraform · Docker · Kubernetes
[analysis] Semgrep · CodeQL · advanced regex · custom toolingLanguages of choice
Python for everything · Bash & PowerShell for speed · C when I need to get close to the metal · JS to run everywhere. If it can be scripted, I automate it.
Red Teaming & APT Emulation • Exploit Dev & Reverse Engineering • Malware Analysis • AI/ML in Offensive Security • Advanced AppSec & DevSecOps • Cloud Security & Secure Architecture
PS C:\Users\Tr0p> exit # thanks for reading... now go own something! (with authorization).





