Freelance offensive security · available for new engagements

Offensive security, on demand.

Manual, evidence-driven penetration testing for web apps, mobile (Android & iOS), APIs and networks — plus full red-team engagements. Real exploitation, a developer-ready report, and a free retest. No filler.

Manual-first · Free retest · Fixed price · NDA-first
~/engagement — recon.log · live
# target locked · manual testing in progress
scope = web · api · mobile(android,ios) · network
method = hands-on · real PoCs · zero filler
[+] auth bypass — JWT alg confusion
[+] IDOR → full tenant data access
[!] SSRF reaching cloud metadata
[!!] RCE via insecure deserialization
# deliverable
report.pdf · CVSS · PoC · remediation
retest = included
status: reported & fixed
// aligned with
Manual-first testing · OWASP Top 10 · OWASP API Top 10 · OWASP MASVS · MITRE ATT&CK · PTES · OSSTMM · NIST SP 800-115 · CVSS v4 · CWE · NDA-friendly · Evidence-based PoCs
What I test

Pick your attack surface

Every engagement is manual-first, scoped to your stack, and delivered with a developer-ready report. Freelance — it's me doing the testing, not a black-box scan.

Web Application Pentest

Deep, manual testing of your web app and its business logic — well past what any automated scan reaches.

  • Authentication, authorization & IDOR
  • Injection, SSRF, deserialization, RCE
  • Business-logic & multi-tenant flaws

Mobile App Pentest — Android & iOS

Static, dynamic and runtime testing of your mobile apps, aligned to OWASP MASVS.

  • Reversing, Frida hooking, SSL-pinning bypass
  • Insecure storage, IPC & exported components
  • Backend API & deep-link abuse

API Security Testing

REST, GraphQL and gRPC, mapped to the OWASP API Security Top 10.

  • BOLA / broken object-level authorization
  • Mass assignment, rate-limit & token flaws
  • Schema introspection & abuse

Network Penetration Testing

External and internal network testing — find the path to impact before an attacker does.

  • Exposed services, misconfig & weak creds
  • Lateral movement & privilege escalation
  • Segmentation & hardening review
Flagship

Red Team Engagement

Goal-based adversary simulation — phishing to domain admin, mapped to MITRE ATT&CK.

  • Initial access, C2 & lateral movement
  • AD attack paths & privilege escalation
  • Detection & response gap analysis
How it works

A clear, repeatable process

No black box. You know what's happening at every stage, and exactly what you'll get at the end.

  • 01 Scope: Free call, rules of engagement, NDA & a fixed quote.
  • 02 Recon: Map the attack surface, enumerate, threat-model.
  • 03 Exploit: Manual testing & chaining, with safe, real PoCs.
  • 04 Report: Findings, CVSS, business impact & clear fixes.
  • 05 Retest: I re-verify your fixes — included, no extra cost.

What you get

  • Full technical report: Every finding with CVSS, evidence, reproduction steps and impact.
  • Executive summary: Risk in business language for stakeholders and compliance.
  • Remediation guidance: Concrete, prioritized fixes your developers can actually ship.
  • Free retest: I re-verify fixes and re-issue a clean attestation letter.

Why work with me

  • Manual-first, not a scanner: Tools assist; the real bugs come from hands-on testing and logic abuse.
  • I publish my research: Hundreds of writeups on LazyHackers — you can see exactly how I think.
  • Fixed scope, no surprises: Quote agreed up front. No hourly creep, no hidden line items.
  • Discreet & NDA-ready: Your data stays yours. Evidence is handled and destroyed responsibly.

Let's scope your pentest.

Tell me a bit about your target and I'll come back within 48 hours with a fixed quote and timeline. The scoping call is always free.

  • Free 20-minute scoping call
  • NDA signed before any access
  • Fixed scope & timeline up front
  • Retest of fixed issues included
Reply within 48 hours · Confidential