Data Engineer, AMMP Technologies B.V.

ammp.io

• Led the management and maintenance of AWS-based data services and CI/CD pipelines using GitHub Actions and CodePipeline
• Developed and maintained a suite of Python libraries for internal applications and led data integrations with external APIs and data analysis tools
• Conducted frequent log analysis to identify system states and potential areas for optimization, resulting in increased efficiency and cost savings
• Implemented security checks into the CI/CD pipelines of core services, specifically our API, resulting in the identification and fixing of major security issues within our applications
• Reduced AWS ECS cost by improving memory management, reducing compute waste, and migrating to ARM64 compute, resulting in a significant reduction in our infrastructure expenses

Bug Bounty Hunter, HackerOne

nulcell.github.io

• Conducted thorough analysis of frontend JavaScript to steal user credentials and API keys through a MITM attack due to a misconfigured login functionality
• Successfully discovered and exploited XXE & SSRF vulnerabilities within a Java application to steal AWS access keys in a compute cluster by testing the API’s handling of non-JSON input data
• Uncovered leaked API keys in live and archived pages, leading to complete control of all customer accounts and resulting in a significant payout through the bug bounty program
• Collaborated with a team of highly skilled bug bounty hunters to test and secure a variety of web applications

Cybersecurity Analyst, Tereta

• Provided expert consultation on penetration tests for a range of clients in various industries
• Assisted with PCI DSS v4 compliance checks for clients, ensuring their payment systems were secure and compliant
• Conducted comprehensive vulnerability assessments and proposed effective remediation strategies to secure clients’ systems and data

Application Security Engineer, Security Contractor

• Discovered exposed /.git directories via direct IP address access and successfully dumped source code, leading to the identification of multiple vulnerabilities during analysis
• Exploited leaked credentials to gain code execution through a successful phpMyAdmin SQL injection attack, me to compromise other domains hosted on the server
• Compromised an insurance admin portal containing sensitive client data through the exploitation of misconfigured redirects and IDORs
• Discovered and exploited SQL injection and SSRF vulnerabilities, exposing internal systems and information of a major Nigerian government organization
• Accessed the WordPress Admin page through the reuse of passwords and weak credentials, then gaining code execution by uploading a malicious WordPress plugin, leading to the identification of multiple vulnerabilities when analyzing the source code on the server

Intern/Tutor, Linux Professional Institute Innovation Hub

lpihub.org

• AWS Solutions Architect Training
• Trained students in cybersecurity
• I served as technical support for hosted events

University of Ibadan, Ibadan, Oyo, Nigeria

B.Sc, Electrical & Electronics Engineering

Team Member, M4xH3dr00m

Nigerian Ethical Hacking group

Cybersecurity Lead, Google Developer Student Club - University of Ibadan

Training students who want to get into the field of Cybersecurity