whoami
I am a professional penetration tester dedicated to securing enterprise operations and safeguarding corporate assets through realistic adversary simulation, uncovering critical vulnerabilities, and breaking down complex exploitation mechanics.
Credentials & Profile
My daily work focuses on emulation, threat modelling, and diving into the internal mechanics of software risk. My background is backed by industry-standard offensive security certifications:
- Offensive Security (OffSec) Certified Professional
- CREST Registered Tester
- CREST Practitioner Security Analyst
- BurpSuite Certified Practitioner
Why This Blog Exists
Instead of generic step-by-step CTF machine walkthroughs, this blog is a dedicated space for original exploit development, vulnerability research on publicly disclosed flaws (CVEs), and giving back to the wider security community.
When a critical vulnerability drops or an interesting target presents itself, my goal is to strip away the noise, analyse the root cause, and share weaponized proof-of-concepts, reliable exploit scripts, and engineering insights.
What You Will Find Here
- Exploit Code & Research: Practical, breakdown-heavy documentation of public vulnerabilities, showcasing how they are engineered, triggered, and stabilised.
- Random Snippets & Tooling: Useful, one-off scripts, tailored payloads, or automation configurations that I stitch together to solve specific engagement hurdles.
- Community Blueprints: Raw code and methodology shared freely to help security teams improve their detection engineering and help peers refine their offensive tradecraft.
AI-assisted content
Some of the content and code breakdowns hosted on this site are assisted or generated by AI models. While I do my best to verify technical accuracy, LLMs can and do make mistakes. If you spot a technical inaccuracy, a broken snippet, or an outright hallucination, please flag it by sending an email to hello@x6b.me.