Case Studies
Dive into my diverse range of projects, showcasing my expertise in software development and design, and my dedication to delivering exceptional results.
Mobile Application Penetration Testing
A comprehensive grey-box mobile application penetration test of a digital-health flagship app (VitalisCare, iOS & Android) handling protected health information. The engagement combined static analysis, dynamic instrumentation, and network interception to prove insecure local storage of auth tokens, an SSL-pinning bypass enabling full MITM of PHI traffic, and a hardcoded API key recovered via decompilation — then delivered Keychain/Keystore migration, hardened certificate pinning, and secrets management to achieve HIPAA-aligned launch readiness.
API Penetration Testing
A comprehensive grey-box API penetration test of a global logistics provider (TransGlobe Logistics) spanning 600+ REST and GraphQL endpoints behind a unified gateway. The engagement uncovered and remediated a mass BOLA/IDOR exposure leaking customer shipment manifests, a GraphQL introspection leak chained with query batching to bypass rate limiting, and a blind boolean/time-based SQL injection in an undocumented legacy tracking endpoint — establishing object-level authorization, schema governance, and cost-aware query limits across the estate.
Cloud Security Review
A comprehensive cloud security architecture review of a high-growth, AWS-native SaaS analytics platform (Stratuscale Analytics). The engagement uncovered and remediated a multi-account IAM privilege escalation path via overly permissive assumed roles, a public S3 bucket exposing Terraform state files containing hardcoded secrets, and internet-facing EC2 jump boxes — re-architecting the estate around least privilege, AWS Secrets Manager, strict Security Group rules, and continuous CIS AWS Foundations Benchmark alignment.
Network Vulnerability Assessment & Pentesting
A comprehensive internal and external network penetration test of a hybrid OT/IT manufacturing enterprise (NordForge Industries) following a merger. The engagement chained a forgotten external VPN endpoint with weak credentials into LLMNR/NBT-NS poisoning, NTLM relay, and an unpatched domain controller (ZeroLogon / Kerberoasting) to prove full Active Directory domain compromise — then delivered network segmentation, SMB signing enforcement, and legacy protocol teardown to prevent ransomware-scale impact.
Web Application Penetration Testing
A comprehensive, grey-box web application penetration test of a high-throughput FinTech transaction platform (VeloCart FinTech). The engagement resolved critical vulnerabilities introduced by AI-assisted "Vibe Coding" tools, including a severe client-side price override, broken JWT auth middleware accepting alg: "none", and Stored XSS inside vendor feedback channels — hardening endpoints and establishing rigorous, CI-integrated schema validations.
AI & Machine Learning Pentesting
A deep-dive AI/ML penetration test of an autonomous customer-service LLM agent for a Series-B AI startup. Using the proprietary OpenClaw framework we executed 1,840 adversarial prompts across nine LLM attack classes, uncovered a multi-step system-prompt extraction jailbreak, an indirect prompt injection chain via summarised webpages, and a RAG-layer PII leak — then engineered constitutional guardrails, input sanitisation, and context-window isolation that reduced jailbreak success from 38.2% to 0.4%.