_
Offensive Security Engineer

I'm Emmanuel Awe

Building offensive capabilities with engineering precision

I approach security as systems engineering—understanding how things break at the lowest levels, building tools that matter, and pushing the boundaries of what's possible in offensive research.

View Projects Read Blog
~/cocofelon
$ whoami
offensive_security_engineer
$ cat skills.txt
penetration_testing
malware_development
api_security
cloud_exploitation
ai_security_tooling
$ echo $STATUS
ready_to_break_things
Career

Experience

Building security expertise through hands-on offensive work

2024 — Present

Exploit Forge (EXF)

Offensive Security Engineer

Conducting penetration testing, vulnerability research, and red team operations. Building AI-powered automation for security operations including lead generation and social media marketing—essentially created an entire marketing team with Zapier and AI.

Penetration Testing Red Team AI Automation Vulnerability Research
Jan — Jun 2023

Platview Nigeria

Cybersecurity Analyst

Performed security assessments, monitored threat landscapes, and implemented defensive measures. Gained foundational experience in enterprise security operations and incident response procedures.

Security Analysis Threat Monitoring Incident Response
2021 — Present

Independent Practice

Security Researcher & Consultant

Freelance penetration testing and security consulting. Conducting independent vulnerability research, developing custom security tooling, and mentoring 20+ aspiring security professionals through hands-on training.

Consulting Vulnerability Research Mentorship Tool Development
Capabilities

Skills & Expertise

Technical depth across offensive security domains

Offensive Security

  • Penetration Testing (Web, API, Network)
  • Red Team Operations
  • Malware Development & Analysis
  • Exploit Development
  • Social Engineering

Cloud & Infrastructure

  • AWS Security & Exploitation
  • Azure Security Assessment
  • Container Security (Docker/K8s)
  • Infrastructure as Code Auditing
  • SSRF & Cloud Metadata Attacks

Programming & Tooling

  • Python (Security Tooling)
  • C/C++ (Malware Dev)
  • Bash/PowerShell Scripting
  • JavaScript (Web Security)
  • Custom Tool Development

API & Application Security

  • REST/GraphQL API Testing
  • Authentication Bypass
  • IDOR & Access Control Flaws
  • Business Logic Vulnerabilities
  • Mobile App Security
Work

Projects

Tools and research that push boundaries

🎯
Featured

Beulah Intrusion

Advanced malware project achieving Windows Defender bypass through custom shellcode loading and evasion techniques. Explores syscall mechanics, memory manipulation, and behavioral detection evasion. Private repository with detailed research in the "Sneaky Shellcode Shenanigans" blog.

C++ Windows API Shellcode EDR Evasion
🤖
Featured

AI-Powered SAST Machine

Locally-hosted AI-driven static analysis security testing engine. Model-agnostic design for future-proofing, structured machine-readable output, and integration with existing CI/CD pipelines. Focuses on reasoning about code behavior, not just pattern matching.

Python LLM Integration SAST CI/CD
🦅

Hunting Eye

ML-powered malware implementing advanced attack techniques including process hollowing, credential harvesting, and persistence mechanisms. Research-focused exploration of modern threat capabilities.

Python ML Windows
🎣

Campaign Control Center

Full-featured phishing simulation platform for red team operations. Includes campaign management, email templating, landing page creation, and detailed analytics for social engineering assessments.

Python Flask Phishing
🔬

Malware Analysis Lab

Isolated virtualized environment for safe malware testing and analysis. Includes network monitoring, behavioral analysis tools, and automated detonation capabilities.

VMs Network Analysis Sandboxing
📡

AI Nmap Analyzer

Locally-hosted AI system for intelligent Nmap scan analysis. Automatically identifies attack vectors, prioritizes findings, and generates actionable reconnaissance reports.

Python LLM Nmap
📱

APK Signing Utility

Open-source tool for APK signing and unbundling operations. Streamlines mobile security testing workflows with automated certificate handling and app manipulation.

Python Android Open Source
Credentials

Certifications

Validated expertise in offensive security

🛡️

MCRTA

Modern Cyber Range Threat Analyst

🔴

cRTA

Certified Red Team Analyst

🔐

API Security

APIsec University

Note: I believe in ethical security research. All testing is conducted with proper authorization, and findings are disclosed responsibly. The goal is always to make systems more secure, not to cause harm.

Writing

Latest Posts

Deep dives into security research and methodology

Philosophy Dec 15, 2024 8 min

Offensive Security as Systems Engineering

I approach offensive security as systems engineering—not as a collection of tools or techniques, but as a discipline of understanding complex systems and their failure modes.

Read more →
Pentesting Nov 20, 2024 15 min

I HACKED A BANK: 17 Critical Vulnerabilities

A comprehensive security assessment revealing SQL injection, SSRF, privilege escalation, and complete attack chains in a banking application.

Read more →
Cloud Dec 15, 2024 12 min

CWL Cloud Breaker — SSRF → EC2 Role Impact

How a tiny input-validation slip in a server-side fetch feature led to catastrophic cloud identity compromise through SSRF and IAM credential exposure.

Read more →
View All Posts →