System Online

Björn | z3r0dusk.

$

🇸🇪
Based inSweden
🛡️
FocusAppSec & Pentest
🌍
RegionEU & Scandinavia
Scroll
./about

The person
behind the
process.

I'm Björn, also known as z3r0dusk — a cybersecurity specialist with a deep focus on Application Security and Penetration Testing. My work centers on helping organizations understand their true risk exposure through hands-on, adversary-simulated assessments that go far beyond automated scanning.

Based in Sweden, I work with clients across Scandinavia and the broader European market. Whether it's a SaaS startup in Stockholm or an enterprise in Berlin, I bring the same level of precision and thoroughness to every engagement.

I believe security should be proactive, not reactive. Every assessment I deliver is built on a foundation of clear communication, actionable findings, and a genuine commitment to making the digital products we all rely on safer.

Beyond consulting, I build security tooling — including work in AI & LLM security testing, an area where traditional methodologies fall short and purpose-built approaches are essential.

🇸🇪Sweden
🇩🇰Denmark
🇪🇺Europe
Arsenal
🕷️Burp Suite
OWASP ZAP
🗺️Nmap
💣Metasploit
🦈Wireshark
💉SQLMap
👻Gobuster
☢️Nuclei
🔍ffuf
👁️Shodan
🕸️Amass
🔓Hashcat
🔨John the Ripper
🐉Hydra
🎯Nikto
🗡️CrackMapExec
🐺BloodHound
📦Impacket
🕷️Burp Suite
OWASP ZAP
🗺️Nmap
💣Metasploit
🦈Wireshark
💉SQLMap
👻Gobuster
☢️Nuclei
🔍ffuf
👁️Shodan
🕸️Amass
🔓Hashcat
🔨John the Ripper
🐉Hydra
🎯Nikto
🗡️CrackMapExec
🐺BloodHound
📦Impacket
./Services

What I Do

Application Security
01
01

Application Security

Rigorous security assessments for web applications, APIs, and mobile platforms. Manual code review, threat modeling, and vulnerability analysis aligned with OWASP methodologies.

Source Code Review
SAST & DAST
Threat Modeling
Secure SDLC Advisory
Learn more
Penetration Testing
02
02

Penetration Testing

Adversary-simulated engagements that go beyond automated scanning. Manual exploitation and creative attack chains to validate your real-world risk exposure.

Web Application
API & Microservices
Cloud Infrastructure
Red Team Operations
Learn more
Information Security
03
03

Information Security

Strategic security advisory covering governance, risk management, and compliance. Building lasting security postures through policy, awareness, and proactive threat intelligence.

Threat Intelligence
Risk Assessment
Security Policies
Compliance & GRC
Learn more
Academy Platform

Security awareness training delivered through our own platform — courses, certifications, and phishing simulations built for your team. Contact us for details →

AI & LLM Security
04Emerging
04

AI & LLM Security

Security assessments purpose-built for AI systems and language models. As AI becomes critical infrastructure, adversarial testing of these systems requires specialized methodology and tooling.

Prompt Injection Testing
Jailbreak Analysis
Training Data Exposure
Adversarial Input Testing
Learn more
./platformLive — v1.0

Vector —
Intelligence
Platform

An AI-powered OSINT and threat intelligence platform built for security teams. Map attack surfaces, correlate threat data, and surface actionable findings — from a single interface.

Access Vector
OSINT & Reconnaissance
Automated intelligence gathering across open sources — domains, IPs, exposed services, leaked credentials.
AI-Driven Analysis
Language models contextualize raw data into structured threat profiles and prioritized risk findings.
Attack Surface Mapping
Continuous discovery of external exposure — subdomains, cloud assets, API endpoints, misconfigurations.
Threat Correlation
Cross-reference intelligence across breach databases, CVE feeds, and threat actor infrastructure.
Process

How I Work

Scoping & Recon
Phase 01

Scoping & Recon

Define engagement parameters. Map the attack surface through intelligence gathering and passive enumeration.

Discovery
Phase 02

Discovery

Systematic vulnerability identification through manual analysis, automated tooling, and creative exploration.

Exploitation
Phase 03

Exploitation

Controlled, precise exploitation to validate severity and demonstrate real-world business impact.

Reporting
Phase 04

Reporting

Clear, actionable deliverables — risk-ranked findings, proof-of-concept, and remediation guidance.

./Contact

Let's talk
security.

Have an application that needs hardening? I'd like to hear about it.

hello@z3r0dusk.se