whoami
25. Berlin & Chemnitz. I break things professionally and find vulnerabilities that have been sitting in production for years because nobody bothered to look.
I'm not going to explain who I know or how I know it. What I'll say is: I've spent years building relationships on both sides of the fence — close enough to the underground that when something moves, a campaign spins up, a zero-day changes hands, or a crew shifts targets, I hear about it. Not from threat intel feeds. Not from a vendor report. Directly, and weeks before anyone publishes a word about it. That proximity shapes how I think about threats in ways no certification ever could.
I don't do this for clout or bug bounty payouts. Broken software pisses me off. That's the whole reason.
Skills
[Red Teaming]Red Teaming in complex Active Directory environments[Red Teaming]AV/EDR evasion usingLOLBAS, custom loaders, and process injection[Red Teaming]Phishing campaigns:GoPhish,EvilGinx(2FA bypass), DKIM/SPF evasion, social engineering calls[Red Teaming]Post-exploitation with C2 frameworks (Cobalt Strike,Sliver)[Red Teaming]Post-exploitation on Linux platforms[Linux]Linux-first workflow:Alpine,Arch,Debian,Nix,OpenSuse,RHEL[Linux]Manual OS hardening:AppArmor,firewalld,sysctl,PAM,journald[Linux]Containerized workflows usingLXC/LXD[DevOps]Infrastructure as code:Ansible> Bash one-liners > YAML hell[DevOps]LXC/LXDfor reproducible testbeds and dynamic lab deployments[DevOps]CI/CD pipelines (GitLab CI,Jenkins)[DevOps]System validation withGoss+DGoss[SecEng]Secure architecture design & review[SecEng]Threat modeling focused on real risk[SecEng]Detection engineering withYARA,Suricata[SecEng]SIEM pipelines withELK,Graylog,syslog-ng
Certifications / Courses
[Phishing]MalDevAcademy — Offensive Phishing Operations[Phishing]BreakDev — Evilginx Mastery[Offensive]Zero-Point Security — Certified Red Team Operator[Blue Team]Qualys — Vulnerability Management Detection and Response[Blue Team]Qualys — Endpoint Detection and Response[Compliance]BSI — Special Audit Procedure Competence (§ 8a BSIG)[Linux]LPIC-1 — Linux Administrator[IHK]State Certified IT Specialist for Systems Integration
Experience
- Conducted comprehensive penetration tests across various environments
- Developed robust IT emergency response plans
- Supported implementation of ISO 27001-compliant information security management systems
- Designed and hardened Linux-based infrastructures (RHEL & Debian)
- Integrated and monitored network detection systems (NIDS, AIDS, HIDS)
- Threat intelligence gathering and analysis to proactively identify and mitigate emerging risks
- Planned, deployed, and maintained Linux-centric and hybrid infrastructures
- Managed
Samba4 Active Directoryenvironments - Built containerized services with
LXCand automated configurations usingPuppet - Deployed secure proxy services via
Squid - Implemented system monitoring and backup strategies
- Troubleshot complex issues in Debian- and RHEL-based networks
Hobbies
- Red Teaming
- Self-hosting
- Hiking
- Kickboxing
- Sports photography
- Bodybuilding