Signature emblem

whoami

Red Team Operator / Security Researcher

Offensive tooling, evasion & adversary emulation.

Recent Posts

Brute Forcing the DVWA Login Page

7 minute read

Brute forcing the DVWA admin login with Hydra, Burp Suite and a custom Python tool, plus mitigations like MFA and account lockout.

Weak Session ID

6 minute read

Analyzing DVWA’s predictable session IDs across low, medium and high levels and how to generate secure, random session identifiers.

Word Document Macro Phishing

1 minute read

Weaponizing a Word document with a VBA macro that runs an obfuscated PowerShell reflective loader to fetch and execute a Meterpreter stager.