About

As a dedicated Vulnerability Researcher at Cymulate, I specialize in Reverse Engineering, utilizing tools like IDA, GDB, Jadx, and Frida, with additional expertise in Android internals and Mobile Security. I possess a strong understanding of cloud environments, including Azure, AWS, and GCP, as well as Kubernetes (K8S). Much of my recent research focuses on the security of AI coding tools and agents — Anthropic’s Claude Code, OpenAI’s Codex CLI, and the Model Context Protocol (MCP) — where I’ve disclosed multiple CVEs involving prompt injection, sandbox escapes, and privilege escalation. Passionate about research and development, I thrive in team environments and am driven by a commitment to solving complex security challenges. I also have over five years of experience in Capture The Flag (CTF) challenges, excelling in Reversing, Pwn, Mobile, Cryptography, and Forensics as a member of the CamelRiders CTF Group.

Experience

Senior Security Researcher @ Cymulate
Vulnerability research on cloud platforms (Azure AD/Entra ID, AWS, GCP), Microsoft Windows Admin Center and AI coding tools (Claude Code, Codex CLI, MCP). 9 CVEs, coordinated disclosures with Anthropic, Microsoft and AWS, conference talks at RSAC, Insomni’hack and BlueHat.
Mobile Security Researcher @ Matrix
Offensive mobile security research — Android internals, mobile reverse engineering; co-designed security/recruiting challenges.

Education

B.Sc. Computer Science, Holon Institute of Technology (HIT)

Certifications

Cybersecurity Program · Kernelios — Cyber Academy

Press & mentions

CybersecurityNewsOne-Click RCE in Azure Windows Admin Center Lets Attackers Execute Arbitrary Commands
CybersecurityNewsAzure Identity Token Vulnerability Enables Tenant-Wide Compromise in Windows Admin Center
GBHackersAzure Identity Token Flaw Exposes Windows Admin Center to Tenant-Wide Breaches
CybersecurityNewsWindows Admin Center Vulnerability (CVE-2025-64669) Lets Attackers Escalate Privileges
XPN InfoSec Blog (Adam Chester)An Evening With Claude Code — “a fantastic writeup of a code exec vulnerability”
CyberpressSecurity Flaw in Claude Lets Attackers Abuse AI to Run Unauthorized Commands
CybersecurityNewsClaude Vulnerabilities Let Attackers Execute Unauthorized Commands With its Own Help
Embrace The RedAnthropic Filesystem MCP Server: Directory Access Bypass — “shout out to Elad Beber, who reported it to Anthropic first”
GBHackersClaude AI Flaws Let Attackers Execute Unauthorized Commands Using the Model Itself
SQ MagazineClaude's AI Assistant Helped Hackers Exploit Its Own Weaknesses
tl;dr secAnthropic MCP research featured (issue #293)
CybersecurityNewsAnthropic's MCP Server Vulnerability Allowed Attackers to Escape Sandbox and Execute Code
GBHackersAnthropic MCP Server Flaw Allows Sandbox Escape and Code Execution
SecurityOnlineAnthropic MCP Server Flaws: Path Traversal & Symlink Attacks Allow RCE
The Hacker NewsCritical MCP-Remote Vulnerability
CybersecurityNewsAWS Systems Manager Plugin Vulnerability Lets Attackers Execute Arbitrary Code
GBHackersAWS Systems Manager Plugin Flaw Allows Arbitrary Code Execution
The Hacker NewsAmazon EC2 SSM Agent Flaw Patched After Disclosure
ForbesMicrosoft Issues Mandatory 2FA Login Deadline Alert (Double Agent research)
SC MediaMicrosoft Entra ID bug lets attackers impersonate any synched user
The Hacker NewsDouble Agent research coverage