I’m focused on Web/API penetration testing and cloud security (AWS / GCP / Azure), using large public bug-bounty programs as real-world testbeds to learn how modern applications are built, scaled, and abused. Labs are useful, but large bounties show me the messy, realistic apps and attack surfaces that matter.
I have solid practical experience with OWASP Top 10 and web application exploitation. I’m expanding into cloud penetration testing, AI/LLM security.
- Web & API penetration testing (real systems via bug bounty programs)
- Cloud penetration testing (primary focus: GCP; also AWS & Azure)
- Understanding modern application architecture at scale — where to look, how things fail, and how to exploit design and configuration mistakes
- Developing custom offensive tools, payloads, and runbooks (Python/C/C++)
- Building practical exploit development skills on real targets instead of isolated lab exercises
Gain 3–4 years of hands-on penetration testing experience focused on cloud and web applications, then transition deeper into cloud red teaming and Active Directory/cloud identity attacks.
Areas: Web/API Exploitation, Cloud Penetration Testing Languages: Python 3, C, C++ Platforms: GCP (Focus Currenly), AWS, Azure
