AWS Certified Solutions Architect – Professional with hands-on experience in cloud infrastructure hardening, penetration testing, and CTF challenge engineering. I combine an offensive security mindset with practical systems administration.
Production SaaS that scans websites for ~60 security vulnerabilities across SSL/TLS, HTTP headers, email auth (SPF/DKIM/DMARC), open ports, malware reputation, and source code flaws. Built with FastAPI on Railway, Supabase PostgreSQL + Auth, and Vercel. Parallel async scan engine returns results in 5–15 seconds; real-time dashboard via Supabase WebSocket; 3 subscription tiers (Free / Plus $19 / Max $49).
Co-engineered 38 CTF challenges (web, crypto, forensics, OSINT, rev eng) for a Macquarie University competition across 3 academic levels. Containerised web challenges with Docker; wrote Python tooling to auto-generate JSON/Markdown inventories tracking paths, categories, difficulty, and deployment status.
Black-box pentest of a self-built LAMP web app. Identified 11 vulnerabilities including critical RCE via file upload, SQLi auth bypass, stored XSS, IDOR, and session fixation. Delivered a structured report with CVSS-style ratings, PoC steps, and patched code for each finding.
Multi-class ML classifier on 220,000 network payloads — detects Brute Force, SQL Injection, XSS, and System Command Execution. Engineered 9 features via attack-tool signature analysis (hydra → Brute Force, sqlmap → SQLi). Random Forest achieved 92.6% accuracy; Brute Force F1: 0.99, SQL Injection F1: 0.93.