Available for federal & cleared engagements

ShadeXploitCybersecurity Student | Aspiring Red Team Professional

13+ years of self-taught offensive security experience — web app testing, bug bounty hunting, and real-world penetration assessments.

View Projects Contact Me Request Resume

$ whoami → offensive-security · vuln-research · exploit-dev

ShadeXploit

[ identity protected ]

Midwest, U.S. · Open to security opportunities● secure

About

Adversary mindset, engineering discipline

I help organizations understand and reduce real-world risk by thinking like an attacker and building like an engineer.

I'm a self-taught cybersecurity practitioner with 13+ years of hands-on experience in web application security, penetration testing, and bug bounty hunting. Currently pursuing a Cybersecurity Specialist program at Waukesha Technical College with a 3.9 GPA.

Most recently I completed an internal penetration test at a mid-size law firm — an authorized AIDR engagement that uncovered multiple severe vulnerabilities across web apps and internal services. I work directly with dev teams to verify fixes and produce clear findings for both technical and non-technical stakeholders.

Outside of engagements I hunt bugs through public programs on HackerOne and coordinated disclosure, build recon and scanning automation tools, and continuously sharpen my skills toward a full-time red team role.

Years Self-Taught Experience

Independent Security Projects

Bug Bounties Reported

Pentest Engagements

Capabilities

A full offensive security toolkit

Hands-on expertise across the attack lifecycle, backed by strong software engineering fundamentals.

Penetration Testing

Hands-on web and environment testing with Kali Linux, Metasploit, and Burp Suite.

proficiency78%

Kali LinuxMetasploitBurp SuiteWeb Testing

Web Application Security

Manual discovery and validation of impactful flaws including auth and logic issues.

proficiency80%

OWASPXSSAuth/LogicManual Testing

Network Security

Network scanning and defensive review with Nmap, Wireshark, and firewall validation.

proficiency74%

NmapWiresharkFirewallHardening

Cryptography & Encryption

Practical familiarity with GPG, VeraCrypt, and OpenSSL for secure workflows.

proficiency69%

GPGVeraCryptOpenSSLKey Mgmt

Bug Bounty Hunting

Independent coordinated disclosure across live programs with reproducible reports.

proficiency82%

HackerOneDisclosureTriageReporting

Python

Security scripting and automation for recon and repeatable checks.

proficiency70%

AutomationReconScriptingTooling

System Administration

Linux and Windows security setup, baseline hardening, and operations support.

proficiency72%

LinuxWindowsBashHardening

PowerShell

Early-stage scripting for administrative and security tasks.

proficiency40%

PowerShellScriptingBeginner

Projects

Tools I've built and broken

Auto-loaded GitHub repositories plus selected highlight projects.

Offensive

Law Firm Internal Pentest (AIDR)

Authorized internal penetration test at a mid-size law firm. Discovered and reported multiple severe vulnerabilities across web apps and internal services with full remediation guidance.

Burp SuiteKali LinuxManual TestingOWASPReporting

Code

Tooling

Web App Security Assessment Program

Ongoing authorized testing of web environments — discovery, manual exploitation, and dev-team remediation tracking.

Burp SuiteOWASPManual TestingReporting

Code

Research

Security Automation Scripts

Built scripts to automate vulnerability scanning and network reconnaissance, reducing manual recon time.

PythonBashNmapAutomation

Code

Offensive

Bug Bounty Disclosure Workflow

Identified and validated web vulnerabilities across live public programs, submitting reproducible PoCs via HackerOne and coordinated disclosure.

HackerOneProof of ConceptTriageDisclosure

Code

Bug Bounties

Real-world findings in the wild

A few bounty reports across public programs, focused on practical impact and responsible disclosure.

2025

Web Platform Program

HackerOne

Severity: High

2025

SaaS Application Program

Bugcrowd

Severity: Medium

2024

Independent Disclosure Case

Coordinated Disclosure

Severity: High

2024

Web Service Program

Independent

Severity: Medium

Blog & Writeups

Research, writeups & disclosures

Technical deep dives, CTF walkthroughs, and coordinated vulnerability disclosures.

Writeup

Internal Pentest Findings: Severe Vulns at a Law Firm

Walkthrough of a recent AIDR internal engagement — methodology, critical findings, and remediation approach. Details sanitized to protect client confidentiality.

Jun 202610 min

Writeup

Bug Bounty Recon Workflow That Works for Me

How I structure recon sessions for bug bounty programs — tooling, automation scripts, and what to focus on for faster triage.

Coming soon—

Research

Web App Testing on a Budget: Kali + Burp Free Tier

Practical guide to doing effective web application testing with free tools and a methodical OWASP-based approach.

Coming soon—

Comments

Discussion is powered by GitHub Discussions.

Set Giscus env vars to enable comments.

Experience

13+ years building real skills

Self-taught from the ground up — from independent study to authorized penetration tests and bug bounty work.

2024 — PresentFull-time

Internal Penetration Tester

Mid-Size Law Firm (Authorized Engagement)

Performed a full AIDR internal penetration test, uncovering multiple severe vulnerabilities across web apps and internal services.
Received developer-level environment access for authorized security testing and configuration auditing.
Delivered detailed findings to technical and non-technical stakeholders with prioritized remediation steps.
Tracked fix verification and worked directly with dev/ops teams to confirm secure deployments.
Conducted ongoing web app discovery and manual testing to reduce persistent attack surface.

2018 — PresentContract

Bug Bounty Hunter

Independent

Proactively identified web and application vulnerabilities across live programs.
Submitted coordinated disclosures with reproducible proof-of-concepts.
Worked with program teams to validate remediation and close reports.

2020 — PresentContract

Independent Security Projects

Self-Directed

Completed security assessments for small organizations with mitigation recommendations.
Developed automation scripts for vulnerability scanning and reconnaissance.
Supported network hardening efforts focused on encryption and firewall improvements.

2023 — PresentFull-time

Cybersecurity Specialist Program

Waukesha Technical College

Maintaining 3.9 / 4.0 GPA with coursework focused on practical security operations.
National Technical Honor Student recognition.
Cybersecurity Specialist track with hands-on labs in networking, hardening, and threat analysis.

2011 — PresentFull-time

Self-Taught Security Practitioner

Independent

13+ years of continuous self-directed learning across offensive security, networking, and systems.
Built foundational skills through hands-on practice with Kali Linux, Metasploit, Burp Suite, and scripting.
Developed deep practical knowledge through independent research, CTFs, and real-world testing scenarios.

Connect

Where to find me

No contact form, no spam, no backend maintenance. Reach out through social channels or request details privately.

GitHub

Projects, tooling, and writeups

Professional profile and updates

TryHackMe

Labs, rooms, and progression profile

Shared privately after initial connection

Request Resume

Available for federal & cleared engagements

ShadeXploitCybersecurity Student | Aspiring Red Team Professional

13+ years of self-taught offensive security experience — web app testing, bug bounty hunting, and real-world penetration assessments.

View Projects Contact Me Request Resume

$ whoami → offensive-security · vuln-research · exploit-dev

ShadeXploit

[ identity protected ]

Midwest, U.S. · Open to security opportunities● secure

About

Adversary mindset, engineering discipline

I help organizations understand and reduce real-world risk by thinking like an attacker and building like an engineer.

Years Self-Taught Experience

Independent Security Projects

Bug Bounties Reported

Pentest Engagements

Capabilities

A full offensive security toolkit

Hands-on expertise across the attack lifecycle, backed by strong software engineering fundamentals.

Penetration Testing

Hands-on web and environment testing with Kali Linux, Metasploit, and Burp Suite.

proficiency78%

Kali LinuxMetasploitBurp SuiteWeb Testing

Web Application Security

Manual discovery and validation of impactful flaws including auth and logic issues.

proficiency80%

OWASPXSSAuth/LogicManual Testing

Network Security

Network scanning and defensive review with Nmap, Wireshark, and firewall validation.

proficiency74%

NmapWiresharkFirewallHardening

Cryptography & Encryption

Practical familiarity with GPG, VeraCrypt, and OpenSSL for secure workflows.

proficiency69%

GPGVeraCryptOpenSSLKey Mgmt

Bug Bounty Hunting

Independent coordinated disclosure across live programs with reproducible reports.

proficiency82%

HackerOneDisclosureTriageReporting

Python

Security scripting and automation for recon and repeatable checks.

proficiency70%

AutomationReconScriptingTooling

System Administration

Linux and Windows security setup, baseline hardening, and operations support.

proficiency72%

LinuxWindowsBashHardening

PowerShell

Early-stage scripting for administrative and security tasks.

proficiency40%

PowerShellScriptingBeginner

Projects

Tools I've built and broken

Auto-loaded GitHub repositories plus selected highlight projects.

Offensive

Law Firm Internal Pentest (AIDR)

Authorized internal penetration test at a mid-size law firm. Discovered and reported multiple severe vulnerabilities across web apps and internal services with full remediation guidance.

Burp SuiteKali LinuxManual TestingOWASPReporting

Code

Tooling

Web App Security Assessment Program

Ongoing authorized testing of web environments — discovery, manual exploitation, and dev-team remediation tracking.

Burp SuiteOWASPManual TestingReporting

Code

Research

Security Automation Scripts

Built scripts to automate vulnerability scanning and network reconnaissance, reducing manual recon time.

PythonBashNmapAutomation

Code

Offensive

Bug Bounty Disclosure Workflow

Identified and validated web vulnerabilities across live public programs, submitting reproducible PoCs via HackerOne and coordinated disclosure.

HackerOneProof of ConceptTriageDisclosure

Code

Bug Bounties

Real-world findings in the wild

A few bounty reports across public programs, focused on practical impact and responsible disclosure.

2025

Web Platform Program

HackerOne

Severity: High

2025

SaaS Application Program

Bugcrowd

Severity: Medium

2024

Independent Disclosure Case

Coordinated Disclosure

Severity: High

2024

Web Service Program

Independent

Severity: Medium

Blog & Writeups

Research, writeups & disclosures

Technical deep dives, CTF walkthroughs, and coordinated vulnerability disclosures.

Writeup

Internal Pentest Findings: Severe Vulns at a Law Firm

Walkthrough of a recent AIDR internal engagement — methodology, critical findings, and remediation approach. Details sanitized to protect client confidentiality.

Jun 202610 min

Writeup

Bug Bounty Recon Workflow That Works for Me

How I structure recon sessions for bug bounty programs — tooling, automation scripts, and what to focus on for faster triage.

Coming soon—

Research

Web App Testing on a Budget: Kali + Burp Free Tier

Practical guide to doing effective web application testing with free tools and a methodical OWASP-based approach.

Coming soon—

Comments

Discussion is powered by GitHub Discussions.

Set Giscus env vars to enable comments.

Experience

13+ years building real skills

Self-taught from the ground up — from independent study to authorized penetration tests and bug bounty work.

2024 — PresentFull-time

Internal Penetration Tester

Mid-Size Law Firm (Authorized Engagement)

Performed a full AIDR internal penetration test, uncovering multiple severe vulnerabilities across web apps and internal services.
Received developer-level environment access for authorized security testing and configuration auditing.
Delivered detailed findings to technical and non-technical stakeholders with prioritized remediation steps.
Tracked fix verification and worked directly with dev/ops teams to confirm secure deployments.
Conducted ongoing web app discovery and manual testing to reduce persistent attack surface.

2018 — PresentContract

Bug Bounty Hunter

Independent

Proactively identified web and application vulnerabilities across live programs.
Submitted coordinated disclosures with reproducible proof-of-concepts.
Worked with program teams to validate remediation and close reports.

2020 — PresentContract

Independent Security Projects

Self-Directed

Completed security assessments for small organizations with mitigation recommendations.
Developed automation scripts for vulnerability scanning and reconnaissance.
Supported network hardening efforts focused on encryption and firewall improvements.

2023 — PresentFull-time

Cybersecurity Specialist Program

Waukesha Technical College

Maintaining 3.9 / 4.0 GPA with coursework focused on practical security operations.
National Technical Honor Student recognition.
Cybersecurity Specialist track with hands-on labs in networking, hardening, and threat analysis.

2011 — PresentFull-time

Self-Taught Security Practitioner

Independent

13+ years of continuous self-directed learning across offensive security, networking, and systems.
Built foundational skills through hands-on practice with Kali Linux, Metasploit, Burp Suite, and scripting.
Developed deep practical knowledge through independent research, CTFs, and real-world testing scenarios.

Connect

Where to find me

No contact form, no spam, no backend maintenance. Reach out through social channels or request details privately.

GitHub

Projects, tooling, and writeups

Professional profile and updates

TryHackMe

Labs, rooms, and progression profile

Shared privately after initial connection

Request Resume