About
I'm Luke, a self-taught cybersecurity researcher with a passion for understanding complex things by breaking them.
I like learning by doing and sharing knowledge, and this blog is where I put it all together.
Happy to connect - whether it's security work, a collaboration, or just to say hello. Reach out to me directly on X, or book me on Cantina.
See my security portfolio for a selection of my work.
What I Do
Since 2021 I've been in the web3 space, starting with EVM and Solidity and now covering Rust (Solana, CosmWasm, Substrate, Stylus) and Move (Sui, Aptos). I do smart contract audits, penetration tests, non-EVM audits, and ZK tech stack audits as an independent security researcher. I'm also the CTO and co-founder of Monethic - a smart contract audit shop focused on non-EVM and offchain security.
Recently I've been exploring LLM and AI agent security, as well as zero-knowledge proofs and privacy-focused web3 technology.
Background
I landed my first penetration testing job in 2016. Over the years I conducted countless webapp, infrastructure, system configuration, mobile application, and cloud security assessments, got into binary exploitation and reverse engineering, and authored certification courses at INE.com (formerly eLearnSecurity) - eJPT, eWPTXv2, and eCXD (binary exploitation on Linux and Windows). I leverage my web2 background to assess security across hybrid web3, AI and traditional stacks.