In addition to hands-on pentesting work, I build tools and concepts that use automation and AI to help organizations stay ahead of phishing campaigns and infrastructure weaknesses.
An AI-driven phishing analysis concept designed to plug into supported email accounts (for example via secure integrations such as OAuth with business-approved mail providers).
Once connected — and only for accounts you own or are authorized to monitor — incoming email is continuously scanned for phishing indicators such as:
The goal is to flag risky messages early, reduce the chance of a successful phishing attack, and provide explainable alerts that help users learn what to watch out for.
A concept tool focused on quickly assessing exposed services for systems you own or are explicitly authorized to test. The idea is simple: you provide a target IP address within an approved scope, and the analyzer:
This kind of tool is meant to support responsible, authorized vulnerability management — not random or unauthorized scanning of systems.
Lightweight scripts to help during engagements with tasks such as:
The goal is to spend less time on repetitive tasks and more time on analysis and clear communication.
Ongoing practice in lab and capture-the-flag environments to stay sharp on:
This practical experience feeds directly into the way I approach real-world assessments.