Hey! I’m legacv, a student at Purdue University studying cybersecurity & network engineering technology, graduating in December ‘25. If you’re here from an application I sent in, you might want to take a look at my Tools & Skills page.

This blog is meant to host my blog posts and act as a portfolio for what I’ve done as an undergraduate (& beyond?)

My interests lie in penetration testing; I’m familiar with network and web application pentesting, and am developing an interest in IoT systems & hardware. I’ve got my eJPT certification, as well as my Security+, and am planning on taking the OSCP in 2026. In the past, I’ve worked on the InfoSec team of a medium-size organization doing application security testing, some security automation & process streamlining, phishing metric analysis, & various other projects. This past summer, I was on the cybersecurity team of a different, much larger organization, working with AWS GuardDuty, EKS, Snaffler, Wiz, Tenable… Lots of things, which hopefully I’ll blog about someday.

My security research is just getting started. I’d like to contribute to the community by writing exploits & finding CVEs, like any good vulnerability researcher. Here is my latest attempted exploit; right now I’m writing a PoC for CVE-2025-52906 and reversing the obfuscated version of KawaiiGPT to see if there’s any hidden malware in it. Otherwise, I’ve written a paper on the vulnerabilities that rehosting introduces into a company’s cloud environment and written a proposal on a structure for understanding IoT botnet-C2 communication (uploading soon).

The literature reviews & other projects I’ve done include a paper on GSM cracking; a hand-made strain of ransomware; an analysis of BlueKeep, EternalBlue, and DirtyCOW; and the application of Merton and Agnew’s Strain Theories on The Shadow Brokers and their data theft.

I also run a homelab, this blog, and do various CTFs. My team placed 5th in the fall 2024 experienced bracket of NCL, 4th in the spring 2025 standard bracket of NCL, and 8th in CyberSEED 2025. We (Purdue) also love going to CPTC in the fall.

Happy to provide a resume on request, though it may not be as up-to-date as this blog. Email me at legacv@proton.me (PGP key) or DM me on Mastodon at legacv@infosec.exchange.