Pentesting
# CVE-2026-11645 - Chrome V8 Out-of-Bounds Read/Write Exploit
Open-source security intelligence engine for developers. Orchestrates nmap, nikto, semgrep, whatweb, trivy, cortex-crawler & curl. Builds attack graphs, narrates risk, and generates fixes. Runs fully locally, without any cost
2026-06-09 Humanity Protocol $H attack report
Automatically scans directories and finds DLL files with unsafe memory sections that have read, write, and execute (RWX) flags at the same time. A tool for information security audit and vulnerability research.
C2 server fingerprinter — Cobalt Strike, Sliver, Mythic, Havoc, Brute Ratel
RedTeam-ENV is a modular, automated orchestration framework for advanced penetration testing. It centralizes 19 specialized tools for OSINT, cloud auditing, WAF evasion, stealth tunneling, and stress testing
RedTeam-Toxy4ny-X is a unified, modular cybersecurity framework combining four specialized tools: CloudFlare WAF evasion (Knockin-on-Heaven-s-Door), high-performance network stress testing (artaxerxes), phishing/ransomware simulation (bl00dym4ry), and AI offensive capability benchmarking (redteam-ai-benchmark). For educational & research use.
Blackfield was a beautiful Windows Activity directory box
This is a practical research into npm supply chain attacks, malicious package detection, and developer security using Azure, Node.js, and Falco.
TypeScript PoC for CVE-2024-54887 (TP-Link TL-WR940N authenticated RCE)
Proof-of-Concept checker/exploit for MantisBT SOAP auth bypass (CVE-2026-30849 / GHSA-phrq-pc6r-f6gh)
Shai-Hulud: Miasma (Azure:Durabletask) Open Source This repository contains a normalized, deobfuscated copy of the Azure DurableTask JavaScript payload associated with Shai-Hulud: Miasma.