I work in cybersecurity with a focus on red and purple teaming. Most of what I do revolves around learning, building, and breaking things to understand them better. Much of that learning ends up here in the form of experiments and tools I’ve built.
- I share CTF writeups and security notes on my website.
- CVE PoC Remakes – Proof-of-concept implementations for:
- CVE-2021-27905 - Apache Solr SSRF
- CVE-2024-30167 - Atlona OME Blind RCE
- phishfolio – Collection of artifacts developed during phishing research, including: Discord-based RAT used as a C2 channel, Archive bomber generator, Look-alike domain generator, Nested zip-bomb analysis tool.
- flawfactory – Configuration-driven engine for generating intentionally vulnerable web applications.
- nemesis – CLI tool to query the National Vulnerability Database.
- brutalle – A Python shell with reverse shell capabilities, file transfer, and cleanup features.