bash

_

Security Research Leader

Building the future of application security at GitLab. 10+ years breaking things to make them stronger.

scroll

01 About

" If I had 8 hours to chop down a tree, I would spend 6 of those hours sharpening my axe. "

I'm a seasoned security research leader with over a decade of experience spanning penetration testing, static code analysis, reverse engineering, and software development. Following Oxeye's acquisition by GitLab, I now lead the Vulnerability Research Group, driving the organization's security research initiatives.

Vulnerability ResearchPenetration TestingReverse EngineeringCode AnalysisExploit DevelopmentSoftware DevelopmentPoC IdeationIoT SecurityCloud SecurityWeb Security

02 Experience

Career Timeline

GitLab 2024-present

Vulnerability Research Manager

Oxeye 2021-2024

Head of Research

Akamai 2016-2021

Principal Security Research Lead

Avnet 2014-2016

Senior Security Researcher

Speaking

DC9723 2025 BlueHat IL 2023 Blackhat Arsenal 2022 BSides Las Vegas 2020

03 Projects

Ox4Shell

Log4Shell Deobfuscator

Deobfuscate Log4Shell payloads with ease. Unravel the true contents of obfuscated CVE-2021-44228 payloads.

JSShell

XSS Management Tool

Interactive multi-user web-based JavaScript shell for XSS exploitation and browser debugging.

MQTT-PWN

IoT Pentesting Toolkit

One-stop-shop for IoT Broker penetration-testing with enumeration and exploitation modules.

04 Writing

01 GitLab discovers widespread npm supply chain attack → 02 Take Me to Prom - Exploiting RCE in openTSDB through Prometheus → 03 Gophers & Bees - Parsing Golang structures with eBPF → 04 RCE through SQL Injection in Hashicorp Vault → 05 BreakStage - Unauthenticated RCE in Spotify Backstage → 06 Sandbreak - VM2 Sandbox Escape (CVE-2022-36067) → 07 ParseThru - HTTP Parameter Smuggling in Golang →