What I work with
Experience
Thoropass
Penetration Tester
2025 - Present
I conduct end-to-end penetration testing engagements across a wide range of targets including web applications, APIs, mobile apps (iOS & Android), internal networks (Windows & Linux), and cloud environments (AWS, Azure, GCP). I deliver detailed technical and executive-level reports with clear remediation guidance, working closely with clients throughout scoping, execution, and remediation validation.
Cybersecurity Blue Team & Red Team
Penetration Tester
2024 - 2025
I work as a Penetration Tester, conducting comprehensive offensive security assessments across cloud infrastructures, web platforms, mobile applications, and internal networks. My role involves simulating real-world cyberattacks to identify and exploit vulnerabilities before malicious actors can. I specialize in Azure security, where I uncover misconfigurations and abuse identity mechanisms to demonstrate risk impact. I also develop custom payloads tailored to specific environments and automate reconnaissance, exploitation, and post-exploitation workflows to maximize efficiency. My findings are documented in detailed technical reports and high-level executive summaries, providing clear remediation guidance and strategic risk mitigation insights for stakeholders.
Grey Matter Technologies / Hotel W&P Santo Domingo
Infrastructure Manager - Outsourced to Hotel W&P
2023 - Past
I served as the Infrastructure Manager, where I led the end-to-end design, deployment, and lifecycle management of secure, high-performance IT systems across both on-premises and cloud environments. My responsibilities included architecting resilient network and server infrastructures, implementing robust cybersecurity controls, and optimizing system performance for critical business operations. I ensured high availability and business continuity through strategic backup, monitoring, and disaster recovery solutions. Additionally, I directed cross-functional teams in delivering infrastructure upgrades, enforced compliance with industry security standards, and continuously evaluated emerging technologies to enhance operational efficiency and scalability.
Certifications
Burp Suite Certified Practitioner (BSCP)
Issued: 2024
Certified Bug Bounty Hunter (CBBH)
Issued: 2024
Certified Pentesting Against Azure Cloud (CPAZ)
Issued: 2024
Certified Web Exploitation Expert (CWEE) (Locked)
Issued: In Progress
Projects
Azure Pwnsuite
Personal repo hosting offensive tools for Azure focused on enumerating tenants, roles, permissions, and attack paths.
Learn MoreBlogs
2025 · Web Application Pentest
Authorization Code Interception via Open Redirect in an AWS Cognito OAuth Flow
A practical account takeover chain that abuses a public OAuth client and an open redirect in the SSO callback to intercept authorization codes mid-flight, without touching the victim's password.
2025 · Web Application Pentest
From Zero to Admin via GraphQL Enumeration and Authorization Bypass
A full account takeover chain starting from an unauthenticated GraphQL introspection, through OTP exposure and privilege escalation via Broken Function Level Authorization, ending with admin API key extraction.
May 26, 2025 · Cloud Pentest