> whoami
Application Security & Offensive Security
About me
Operator profile // location, tooling, credentials, and selected output.
Location
Technologies
Certifications
Projects
10
Ongoing / 2
Framework
projects
Security tooling, research, and AI-assisted workflows most relevant to appsec and offensive security roles.
Blogs
Selected security articles and CVE breakdowns I wrote for Xentrika Blog.
CVE-2026-20253: Splunk's PostgreSQL Sidecar Hands Out Shells. No Credentials Required
A CVSS 9.8 pre-authentication RCE in Splunk Enterprise's PostgreSQL sidecar service lets any network-reachable attacker chain file-write primitives into full code execution, with active exploitation reported within five days of disclosure.
CVE-2026-10520: Ivanti Sentry's Internal Config API Was Open to the Whole Internet
A perfect 10.0 pre-authenticated OS command injection in Ivanti Sentry lets any unauthenticated attacker execute arbitrary commands as root. Public PoC released June 10, 2026. Patch immediately.
Open channel
Have a security problem, engineering role, or project worth discussing? Send a concise brief.





