Security Researcher & Developer

CarterLaSalle

Published security researcher with two CVEs. Notre Dame CS '29. Building open-source tools used by thousands of developers.

Published CVEs

14K+

Downloads

140+

GitHub Stars

carter@nd ~ %

$ whoami

carter.lasalle

$ cat ~/skills.json

{
"security": ["vuln-research", "pentesting"],
"dev": ["python", "typescript", "react"],
"certs": ["cisco-ethical-hacker"],
"cves": 2
}

$ echo $STATUS

BUILDING COOL THINGS

// about

Building secure systems,
breaking insecure ones.

I'm a cybersecurity-focused Computer Science student at the University of Notre Dame (Class of 2029) and a published security researcher with two CVEs to my name. My open-source tools have been adopted by hundreds of developers with 14K+ downloads.

I co-founded Phoenix Fire Labs, building autonomous wildfire monitoring systems, and I'm co-founding a stealth AI startup. From Cisco-certified ethical hacking to healthcare data platforms, my work spans the intersection of security, AI, and real-world impact.

Beyond tech, I volunteer as a medical assistant with Wound Walk on Skid Row, play club volleyball at Notre Dame, create award-winning 3D animated films, and am active in Cyber Club, Wall Street Club, and the UAV Club.

PythonTypeScriptReactNext.jsNode.jsNetwork SecurityVulnerability ResearchNmapKubernetesTerraformSQLiteComputer VisionMCP ProtocolGit

Cisco Certs

CVEs Published

14K+

PyPI Downloads

ACT Score

verified certifications

✓Ethical Hacker

✓Network Defense

✓Endpoint Security

✓Cyber Threat Mgmt

✓Intro to Cybersecurity

✓Intro to Gen AI

// experience

Professional Journey

Nov 2025 – PresentACTIVE

Phoenix Fire Labs

Co-Founder

Developing Prometheus — an autonomous wildfire monitoring system using computer vision and drone integration for real-time detection and tracking to assist firefighting efforts.

PythonComputer VisionDronesAI

Nov 2025 – PresentACTIVE

Stealth AI Startup

Co-Founder

Building innovative solutions at the intersection of artificial intelligence and practical applications. Details coming soon.

AI/MLStartupProduct Development

Jul – Sep 2025

Tompkins Robotics

Information Security Intern

Ran scoped Nmap and packet-capture investigations surfacing misconfigurations. Troubleshot production connectivity across VPN, SSH, VLANs, ACLs, and iptables. Monitored Kubernetes service health and contributed to Terraform workflow reviews.

Network SecurityKubernetesTerraformNmap

Jun – Sep 2024

Bluestone Health

Project Intern

Spearheaded data integration project to standardize and analyze eligibility data for a healthcare company serving Native American tribes. Delivered back-end platform integrated with CRM and designed UI/UX.

Data IntegrationHealthcareFull-Stack

Jul – Dec 2023

Expak Logistics

AI Software Developer

Independently developed an intelligent chatbot enabling seamless communication and real-time access to company data from Freshdesk and Salesforce.

AI/MLChatbotAPI IntegrationPython

// projects

Things I've Built

Open-source tools, security research, and software spanning cybersecurity, AI, and developer tooling.

Mac Messages MCP

Secure MCP server exposing the macOS Messages database to AI assistants. Read, analyze, and send iMessages with smart fallback across iMessage and SMS/RCS.

140+ Stars · 14K+ Downloads

PythonMCPSQLitemacOS

Prometheus (FireDrop)

Autonomous wildfire monitoring system using computer vision and drone integration for real-time fire detection and tracking.

Phoenix Fire Labs · Co-Founder

PythonComputer VisionDronesAI

LED Party

Reverse-engineered BLE-controlled LED light strips, decoded the control protocol, and built a computer interface to sync lights to music and DJ sets — a cheaper DIY alternative to DMX.

Hardware Hacking · BLE Reverse Engineering

PythonBLEReverse EngineeringAudio

Stamina Timer

AI-powered men's health platform using scientifically-backed exercises and training techniques to build stamina and confidence.

staminatimer.com · Live Product

AIHealth TechWeb App

Claude Code Countdown

Utility for Claude Code users to track when rate-limited access resets. Set your return time and get SMS notifications via Twilio 5 minutes before and at restore.

claudecodecountdown.com · Live

Next.jsTwilioDeveloper Tool

EmojiStega

Steganography research tool hiding encrypted payloads inside emoji variation selectors — novel covert-channel technique in Unicode.

Security Research

Node.jsReactCryptoUnicode

OneCard Scan

Mobile app digitizing student IDs for Apple Wallet and Google Pay via Gemini Vision API. Senior Capstone project.

Capstone Project

PythonGemini VisionPassKit

Claude Prompt Helper

Web assistant streamlining prompt engineering for Anthropic's Claude models with XML-tagged formatting and CDATA support.

Developer Tool

ReactPrompt Engineering

// security_research

ACTIVE

Vulnerability Disclosure

Published researcher practicing responsible disclosure. Discovered critical access control vulnerabilities in the Splashin iOS application — used by students nationwide for Senior Assassin.

CVE-2025-45156HIGH

CVSS 7.5

Update Interval Bypass & Unlimited Location Data Access

Backend fails to enforce 600-second update interval restriction for free-tier users. Direct API calls retrieve current location data at arbitrary intervals, enabling real-time tracking without premium subscription.

endpoint get_user_locations_by_user_ids_minimal

impact Unauthorized real-time location tracking

status DISCLOSED

CVE-2025-45157CRITICAL

CVSS 9.1

Premium Feature Access Control Failure

Location-request feature, exclusively marketed as premium, lacks server-side subscription validation. Free users can force targets to update their location immediately via push notification.

endpoint location-request

impact Complete access control bypass

status DISCLOSED

Read Full Report View on GitHub

// education

Academic Background

University of Notre Dame

BA, Computer Science

2025 – 2029

Freshman in St. Edward's Hall. Pursuing a Bachelor's in Computer Science with a focus on cybersecurity and artificial intelligence.

Cyber ClubWall Street ClubUAV ClubSIBCBeyond the DomeClub Volleyball

Windward School

Los Angeles, CA

2019–2025

34ACT Score

4yrDean's List

APScholar w/ Distinction

CSHonors Society

Varsity VolleyballBeach VB League Champs '24

Conferences & Programs

2023

DEFCON, Las Vegas

CTF competitions, security talks

2024

AIxHEART Panelist

Sole student guest speaker on AI in healthcare

2023

Georgetown – Nat'l Security & Intelligence

NSLC Summer Program

2022

American University – Cybersecurity

NSLC Summer Program

2023

Rice University – Aerospace Engineering

Summer Program

Honors & Awards

◆While America Sleeps — Nominated Best Animated Film, Best 3D, Best Sound Design, Best Production Design

◆Our Small World — Winner Best 3D Animated Film, Scholastic Art & Writing Honorable Mention

◆VP, Honors Animation Society (4 years)

◆Johns Hopkins CTY — High Honors, Quantitative Reasoning

◆STEAM Scholar (2 years)

// contact

Let's Connect

Interested in cybersecurity, AI, or collaboration? I'd love to hear from you.

carterlasalle@gmail.com

GitHub

@carterlasalle

/in/carter-lasalle

Location

Notre Dame, IN / Los Angeles, CA

CarterLaSalle

Building secure systems,breaking insecure ones.

Professional Journey

Phoenix Fire Labs

Stealth AI Startup

Tompkins Robotics

Bluestone Health

Expak Logistics

Things I've Built

Mac Messages MCP

Prometheus (FireDrop)

LED Party

Stamina Timer

Claude Code Countdown

EmojiStega

OneCard Scan

Claude Prompt Helper

Vulnerability Disclosure

Update Interval Bypass & Unlimited Location Data Access

Premium Feature Access Control Failure

Academic Background

University of Notre Dame

Windward School

Let's Connect

CarterLaSalle

Building secure systems,breaking insecure ones.

Professional Journey

Phoenix Fire Labs

Stealth AI Startup

Tompkins Robotics

Bluestone Health

Expak Logistics

Things I've Built

Mac Messages MCP

Prometheus (FireDrop)

LED Party

Stamina Timer

Claude Code Countdown

EmojiStega

OneCard Scan

Claude Prompt Helper

Vulnerability Disclosure

Update Interval Bypass & Unlimited Location Data Access

Premium Feature Access Control Failure

Academic Background

University of Notre Dame

Windward School

Let's Connect

Building secure systems,
breaking insecure ones.

Building secure systems,
breaking insecure ones.