A summary of my auditing/pentesting achievements.

0xluk3/portfolio

Portfolio

Who am I

I am an offensive cybersecurity professional with 10 years in the industry and a solid pentesting/red teaming background. I have been present in web3 for more than 3 years, auditing Smart Contracts and assessing the security of other blockchain-related tech. I specialize in EVM (Solidity), Move (Sui/Aptos) and Rust-based languages such as CosmWasm and Solana. I am proficient with blockchain-related technologies such as blockchain-specific web2 threats, auditing wallets, MetaMask snaps and backend infrastructure, Discord and Telegram bots, bridge offchain components and any other hybrid web2/3 solutions. Currently I am an independent auditor working with firms such as, but not limited to: Oak Security, Spearbit (ASR) and Zenith.

I scored several TOP10 places in contests such as Sherlock, Code4rena and Cantina. My Cantina profile is available here. Moreover, I am Co-Founder of Monethic.

Web3

Contest results

Note: In some of them I participated as ArmedGoose.

| Date | Platform | Protocol | Position | Findings |
| --- | --- | --- | --- | --- |
| March 2025 | Code4rena | Initia Move | 2 | 2H, 3M |
| April 2024 | Code4rena | DYAD | N/A | 2H, 3M |
| March 2024 | Code4rena | Spectra | 2 | 1M |
| December 2023 | Code4rena | Revolution Protocol | 9 | 1H, 1M |
| October 2023 | Sherlock | Real Wagmi #2 | 6 | 1M |
| September 2023 | Code4rena | Dopex | N/A | 1M |
| September 2023 | Sherlock | Allo V2 / Gitcoin | N/A | 2M |
| August 2023 | Sherlock | Dinari | 17 | 1M |
| January 2023 | Code4rena | RabbitHole Quest Protocol | 18 | 1H, 2M |

Audit reports (both solo and team engagements)

| Protocol Name | Tech | Report Link |
| --- | --- | --- |
| Jupiter JUPUSD | Solana (Rust) | Report |
| Panana Prediction Markets | Move (Aptos) | Report not yet public |
| Crash Game | Web2 | Report |
| Drop Initia LP | Move (Aptos) | Report |
| IOTA | Move (Sui) | Report not yet public |
| Tand3m Launchpad | TON (Tact) | Report |
| Elixir | Move (Sui) | Report |
| Cabal - backend services | Web2 | Report not yet public |
| Cabal - liquid staking token | Move (Aptos) | Report not yet public |
| Archie | Solana, Web2 | Report not yet public |
| TokenTable | Move (Sui) | Report |
| Dexlyn Bridge | Move (Aptos) | Report |
| Balanced Network | Move (Sui) | Report |
| U2U Mobile Wallet | Mobile App | Report |
| Magma Core | CosmWasm | Report |
| AgriDex | Solana, Web2 | Report |
| SendIt | CosmWasm | Report |
| Glue Vesting | Substrate | Report not yet public |
| Astroport Updates | CosmWasm | Report |
| Dark Mythos | Solidity | Report |
| Xtreamly Metamask Snap | Web2 | Report |
| Cypher Autoload | Solidity | Report |
| Hydro Protocol | CosmWasm | Report |
| MELD | Solidity | Report |
| Hello Labs - Bridge | Solana | Report |
| Satay Finance | Move (Aptos) | Report |
| Pontem Network - Liquidswap | Move | Report |

Articles written

| Topic | Date | Link |
| --- | --- | --- |
| MOVE demystified part 3 | 2024 | Medium |
| MOVE demystified part 2 | 2024 | Medium |
| MOVE demystified part 1 | 2024 | Medium |
| Deep dive into ERC4626 issues | 2024 | Medium |
| Proxy vulnerabilities part 2 | 2023 | Medium |
| Proxy vulnerabilities part 1 | 2023 | Medium |
| Ethereum signatures for hackers | 2023 | Medium |
| A guide to reentrancy | 2023 | Medium |

Web 2

0 day vulnerabilities found which were assigned CVE numbers - mostly web applications

| CVE | Description | Details |
| --- | --- | --- |
| CVE-2017-1181, CVE-2017-1183, CVE-2017-11821 | IBM TEP Server - SQL Injection, Authorization Bypass, OS Command Injection | Security advisory |
| CVE-2017-10059 | Oracle BI Publisher - Stored XSS | Security advisory |
| CVE-2017-10060 | Oracle BI Publisher XXE | Security advisory |
| CVE-2017-10068, CVE-2018-2651, CVE-2018-2652, CVE-2018-2653, CVE-2018-2695 | BI Publisher, PeopleSoft Enterprise PeopleTools XSS, XXE, SSRF, XSLT execution | Security advisory |
| CVE-2017-1631 | Tivoli Netcool/OMNIbus WebGUI CSRF | Security advisory |
| CVE-2018-6498, CVE-2018-6499 | Microfocus - AutoPass License Server Remote Code Execution | Security advisory |
| CVE-2020-2563 | Oracle Hyperion Cross-Site Scripting | Security advisory |
| CVE-2019-2932 | Oracle PeopleSoft Tree Manager SSRF | Security advisory |
| CVE-2020-5907 | F5 TMOS Shell privilege escalation vulnerability | Security advisory |
| CVE-2021-21558, CVE-2021-21559 | Dell EMC NetWorker information disclosure & vulnerability in SSL validation logic | Security advisory |
