about
skills
Security
Languages
Cloud & IaC
Frameworks
certifications
education
MSc Network & Information Security
Kingston University · 2025
BSc (Hons) IT - Cyber Security
SLIIT · 2021 - 2024
experience
Security Engineer & Penetration Tester
Surge Global
May 2023 - Present
- > Performed VAPT on in-house and client web applications
- > Found 10-20 critical vulnerabilities per application on average
- > Conducted security code reviews on client codebases
- > Built Microsoft Sentinel SIEM solution with Terraform IaC
- > R&D on prompt injection prevention methods
bug bounty
NASA Letter of Recognition
Received for responsibly disclosing a critical vulnerability
NASA Hall of Fame
Listed on the NASA VDP researcher acknowledgments
Keycloak Hall of Fame
Ranked #3 on the program leaderboard
CVEs pending
Zivver Hall of Fame
Ranked #6 on the program leaderboard
Forged unsigned SAML assertions to gain full admin access on a government application
Redirect URI Validation Bypass
Bypassed OAuth redirect URI validation via path traversal to steal authorization codes
Exploited unpatched Ghostscript to achieve root RCE, escalating to AWS credential theft
...and several other findings across various programs.
projects
A knowledge repository with easy-to-understand explanations of complex concepts
Post-quantum steganography tool using ML-KEM-768 and AES-256-GCM
achievements
capture the flag
SLIIT ISACA CTF
Solo vs 15 four-member teams
CICRA 10th Summit CTF
Duo vs 40+ teams
Enigma CTF
19 participants
Manthra CTF
30+ participants
Medusa CTF
Consistently placed in the top 3 across all CTF competitions.
contact
Interested in working together or have a security concern? Feel free to reach out.