About Me

My interest in cybersecurity started when I was a kid, though I didn't fully realize it at the time. I spent a lot of time playing online games and would often run into cheaters. It was frustrating, but it also made me curious. How were they doing it? My research led me to discover that cheats were often made with code, particularly in Java. This sparked my interest, and soon I was experimenting with Cheat Engine. Seeing how things worked behind the scenes was fascinating and made me want to learn more about how computers and software functioned.

My exploration eventually led me to web development, but cybersecurity always grabbed my attention the most. When I was around 8 or 9, I noticed a security weakness on my school's website involving easily guessable credentials. Gaining that firsthand view of how predictable information could be exploited felt like my first lesson in security and social engineering. That moment pushed me to learn even more. I started digging into different hacking concepts like SQL injection and cross-site scripting (XSS), and other common web-security issues — always focused on understanding how they worked so I could learn how to defend against them. I also got interested in networking and tinkered with small IoT devices to learn about wireless behavior and embedded systems. It was exciting to test ideas and see how security weaknesses could be both exploited and fixed.

During my fourth and fifth-grade years, I was also involved in swimming lessons, where I competed with others in my city. It was a very challenging journey that taught me valuable lessons. From a young age, I've always loved tech, AI, ML, and other innovations. During this time, I also learned to play the piano, though it wasn't a passion of mine—I was encouraged to pursue it by others. But I see it as part of my overall journey, and I’m always looking to learn more. I also enjoy playing chess, which helps with my strategic thinking. However, in seventh grade, my grades started to drop, and I struggled academically. I decided to take a break from cybersecurity to focus on my studies. Over time, my grades improved, and now that I've found more balance, my interest in cybersecurity has returned.Now, I'm diving back into learning more about security, exploring new techniques, and staying updated with the latest threats. There's always something new to discover in this field, and that's what keeps it exciting for me. I’m looking forward to uncovering even more in the future. 

“Cybercrime is the greatest threat to every company in the world. - Ginni Rometty"

Comments

Post a Comment

Popular posts from this blog

[XSS] Breaking ‘safe’ embeds via frame-src bypass

Image
Overview We pat ourselves on the back when our WAF blocks a classic <script> alert. But modern web applications are a tapestry of first-party code and third-party services. What happens when an attacker doesn't need to break your walls, but simply uses a door you left open for a trusted guest? The Vulnerability Let's set the scene. Your application, trusted-site.com, has secure server-side filters. It correctly neutralizes or blocks any user input containing <script>, onerror=, or other obvious XSS vectors. However, to support rich content, you allow certain HTML tags like <iframe> and <object>. These are necessary for embedding videos, maps, or other third-party widgets. An attacker discovers this policy. They don't try to inject JavaScript directly. Instead, they inject a gateway: <iframe src="https://vulnerable-widget-provider.com/page-with-xss.html" style="position:fixed;top:0;left:0;width:100vw;height:100vh;border:none;"...
Read more

[BYPASS] IKEv2 Fortinet Misconfiguration

Image
Overview The target was a Fortinet Next-Generation Firewall (NGFW), a formidable system relying on aggressive Deep Packet Inspection (DPI). Its directive was simple: block all unauthorized tunneling. My objective was proving that its "threat intelligence" had exploitable policy blind spots. Initial attempts with solutions like OpenVPN and WireGuard failed instantly. This was not simple port blocking. The FortiGate performed protocol fingerprinting, immediately recognizing the distinct traffic signatures of these protocols and dropping the connections. Any consumer VPN signature was a red flag. The challenge was confirming and exploiting a predictable policy exclusion. The goal crystallized: Protocol-Based Bypass. The IKEv2 Differential Testing revealed the key vulnerability: IKEv2 (Internet Key Exchange version 2) traffic showed inconsistent signs of life while other protocols were instantly terminated. IKEv2 is part of the IPsec suite and is specifically favored for enterpri...
Read more