I'm a certified ethical hacker / security engineer with 20+ years in cybersecurity, now deep in DeFi/smart contract auditing.
Web2 contributions
- Dropped the first public PoC exploits for CVE-2006-3747 (Apache mod_rewrite LDAP off-by-one buffer overflow) back in 2006 - an advanced off-by-one buffer overflow vuln that got wild attention on the GitHub/Exploit-DB scenes
- Cooked up a remote code execution bug in Roundcube Webmail (versions 0.2-3 Beta) via html2text.php - that's CVE-2008-5619, published on Exploit-DB/Milw0rm in 2008. Straight mail client pwnage
- Credited in other finds like XSS/weak creds in stuff: Samsung DVR weak authentication, net2ftp 0day XSS, ...
- Awarded CVE-2017-12544 for HPE System Management Homepage DOM-based XSS
- Authored some Metasploit modules (like SAP Management Console), implemented TrustedSec PTF in a Docker container, and made multiple contributions to Nikto
Web3 contributions
- Auditing protocol smart contracts for the Rootstock blockchain (TVL: $128 million): doing security audits and implementing fuzzing and invariant testing to validate the protocol
- Developed https://app.smartauditor.ai to bring smart contract audits to the masses
- Awarded a query in the Glider contest: Missing Storage Gap in Upgradeable Contracts Leads to Storage Slot Collisions
- Reported vulnerabilities to Linen Wallet (HackenProof) and Aurora (Immunefi)
Certifications, badges, ...
- Certified Ethical Hacker, 2017
- OSCP, 2018
- Certified Blockchain Security Professional, 2021
- Certified Smart Contract Auditor, 2024
- Boring Security 101, 2025
- Boring Security Solana Security, 2025
Contact:
