Security: jlucus/.github

Security

SECURITY.md

Security Policy

Supported Versions

Version Supported
5.1.x
5.0.x
4.0.x
< 4.0

Reporting a Vulnerability


🔐 Security Researcher Profile


Security Research • Vulnerability Hunter • Web3 Security • Responsible Disclosure

Focused on uncovering critical flaws in high-impact platforms to protect users and infrastructure.

🔭 Security Research Highlights

Communication Platforms

  • Discovered and responsibly disclosed critical API vulnerabilities in major messaging platforms
  • Developed proof-of-concept demonstrating authentication bypass vulnerabilities
  • Telegram Bot API Security Research - Documented API vulnerabilities with responsible disclosure

Government Systems

  • Conducted Safe Harbor disclosures for government agencies and their digital infrastructure
  • Identified vulnerability chains in citizen data portals, preventing potential mass PII exposure
  • Collaborated with public sector security teams on remediation strategies

Financial & Gaming Platforms

  • Uncovered authentication bypass vulnerabilities allowing unauthorized account access
  • Reported transaction verification flaws in payment processing systems
  • Identified data leakage vectors exposing sensitive user documents and financial records
  • Conducted blockchain security audits identifying smart contract vulnerabilities

Web3 Security Research

  • Smart Contract Analysis - Detailed technical analysis of Ethereum contracts with deceptive event emissions and hidden token redirection mechanisms
  • Crypto Platform Investigation - Comprehensive investigation into alleged fund misappropriation and operational security concerns in cryptocurrency gambling platforms
  • Web3 Accountability Research - Documentation of concerning patterns in cryptocurrency project leadership and operational practices
  • Blockchain forensics and transaction analysis for fraud detection
  • Smart contract decompilation and security vulnerability assessment

🛠️ Technical Focus

JavaScript • Python • Solidity • Web3 • Docker • Linux

  • Application Security: Web/API Security • Authentication & Authorization • Input Validation
  • Infrastructure: Cloud Security • Network Penetration Testing • Infrastructure Auditing
  • Emerging Technologies: Blockchain Security • Smart Contract Analysis • Cryptographic Implementations
  • Research Methods: Reverse Engineering • Threat Modeling • Privacy-by-Design Systems

🔍 Notable Security Findings

Year In Review 2025: Critical Security Vulnerabilities

  • Discovered: Deceptive event emissions causing blockchain explorers to display misleading information (February 2025)
  • Disclosed: Hidden token redirection mechanisms in burn functions that secretly transfer tokens instead of destroying them (March 2025 | $SHFL)
  • Documented: Selective functionality patterns designed to obfuscate contract behavior (June 2025)
  • Disclosed: An authentication bypass on a popular Metaverse platform that allowed anyone to see private financial documents that should have been visible only to specific shareholders of those contracts (August 2025)
  • Disclosed: A loss of funds to Stake.com based on blockchain analysis (July 2025)
  • Disclosed: Telegram Bot API does not destroy tokens when transferred or auctioned on Fragment, giving the seller / attacker the opportunity to gain unauthorized access to the victim / receiver / buyer (March 2025)
  • Disclosed: An online gambling platform that shared hidden user data through an insecure API endpoint even though the users' privacy settings were set to hidden (May 2025)
  • Disclosed: An online gambling platform misconfiguration allowing a Cloudflare Turnstile bypass + replay attack (June 2025)

Platform Security Analysis

  • Investigated alleged $20M+ fund misappropriation cases with comprehensive blockchain analysis
  • Analyzed anonymous leadership structures and operational pattern concerns
  • Documented security vulnerabilities affecting vulnerable user populations in gambling platforms
  • Responsible disclosure following industry best practices
  • Collaboration with security teams for effective remediation
  • Documentation and knowledge sharing with the security community
  • Focus on high-impact vulnerabilities affecting user privacy and financial security

📋 Research Methodology

Social Engineering, Reverse Engineering, Fuzzing, Protocol Analysis, Penetration Testing, Vulnerability Assessments, Quantitative Surveys, Qualitative Interviews, Case Studies, Smart Contract Auditing, Re-entrancy Attacks, Side-entrancy Attacks, Improper Input (overflow) Attacks, Malware Forensic Analysis, Blockchain Forensic Analysis & more.


All security research is conducted ethically with proper authorization and follows responsible disclosure practices.


There aren’t any published security advisories