Software engineer and offensive security researcher. Full-stack development and vulnerability research with coordinated disclosure, from application code to the kernel.
São Paulo, Brazil · Software Engineering @ FIAP
- Full-stack and backend development: Java, TypeScript, Python, C++.
- Vulnerability research, reverse engineering, and pentesting.
- CVE-2025-61155 — co-credited researcher (with Gabriel Maciel Ramos and Gabriel Gomes). Access control flaw in a signed kernel driver on Windows (
GameDriverX64.sys): an unprivileged IOCTL reachesZwTerminateProcessin kernel context, allowing arbitrary processes to be terminated, including protected security services (BYOVD / EDR-killer class). CWE-400 · CVSS 5.5.
- pagewright — skill for Claude Code that generates landing pages from a one-line brief. Python.
- Caustic — personal security research project: 90-day disclosure policy, PGP contact, public advisories.
- CRTA — Certified Red Team Analyst (CyberWarFare Labs)
- NPP — Novo Pentest Profissional (Desec Security)
Java · TypeScript · Python · C++





