Zillow Hot Home Algorithm Exploitation
Python, Next.js, SQLite, Git
Conducted an independent security analysis of Zillow’s engagement-based ranking system, focusing on the Hot Home feature. Reverse-engineered the algorithm to identify weaknesses in rate-limiting and verification controls, demonstrating how engagement metrics could be artificially manipulated. Designed and executed controlled tests that increased a property’s visibility from 2 → 450+ views and generated 400 synthetic likes, successfully triggering the Hot Home designation. Leveraged custom OSINT tools to harvest and validate 2,000+ email addresses for account creation, achieving a 98% success rate. Authored a 10-page technical paper documenting methodology, impact analysis, and recommended mitigations, showcasing full-cycle security research and red-team methodology.
Amazon Employee Search Tool
Amazon RDS, Vercel, Next.js, FastAPI, Python, SQLite
Engineered a tool to search through a breach dataset of 1.2 million Amazon employee records by first name, uncovering that hundreds of senior and executive employees' personal data remained active two years after the breach. The application provided real-time access to emails, phone numbers, job titles, departments, office locations, manager names, and other detailed employee information—data that could be exploited in social engineering attacks. It featured a Next.js frontend paired with a FastAPI backend, initially leveraging SQLite for data storage before migrating to Amazon RDS (MySQL) to enhance performance and scalability. This architecture supported efficient querying of a large dataset with minimal maintenance overhead. Following the discovery, AWS Security intervened directly, requesting immediate removal of the database and halting further development. This project highlighted the persistent risks of breach data and the power of scalable architectures in security analysis.
Python, SQLite
Developed a Python-based scraping tool that processed 1,000+ pages from forums like Doxbin and SwatWiki at a rate of 50 pages per minute, achieving 95% accuracy in extracting sensitive PII. The tool was capable of capturing over 10,000 records, including social security numbers, emails, phone numbers, addresses, and names from forum posts. A custom session handler was engineered to bypass Cloudflare's BIC anti-bot protections by dynamically updating authentication cookies, ensuring uninterrupted scraping. Implemented a live tracker that enabled the program to run continuously in the background and capture data in real time, with immediate detection of any failures. Data parsing was handled by BeautifulSoup, with efficient storage and querying managed via SQLite.
React, JavaScript, GitHub Pages, CSS/HTML
Developed a React-based search tool that dynamically queries a dataset of over 13,000 military drones, retrieving 15+ technical specifications per drone in real time using the Wikimedia API. The application delivers optimized search results with sub-500ms response times, providing users with fast, accurate access to detailed, structured datasets.