Autonomous CTF solver that races multiple AI models in parallel. 1st place BSidesSF 2026.

a repository of all the CTF challenges I've made for public events

Usability-first dotfiles

‼️ No waybar here ‼️

EMUX Firmware Emulation Framework (formerly ARMX)

Pay Dirt

This repository discloses a server-side authorization bypass in Instagram, which allowed unauthenticated access to private timelines; it seems likely that Meta patched it silently without formal ac…

Check subdomains for subdomain takeovers and other DNS tomfoolery

✨A static blog template built with Astro.

Bot which posts when browser makers announce their intent to ship, change or remove features in their web engines!

Best and simplest tool for website change detection, web page monitoring, and website change alerts. Perfect for tracking content changes, price drops, restock alerts, and website defacement monito…

Python's pickling deserialization Remote Code Execution payload generator.

Discord CTF helper bot

HackSys Extreme Vulnerable Driver (HEVD) - Windows & Linux

MCP Server for Ghidra

rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks

A bash tool that looks for vulnerable subdomains for takeover, via unmanaged A records pointing to ephemeral Google owned IP addresses.

dnsReaper - subdomain takeover tool for attackers, bug bounty hunters and the blue team!

Python utility to takeover domains vulnerable to AWS NS Takeover

CTF challenges I created 🚩

Explanation and full RCE PoC for CVE-2025-55182

Personal blog website with Markdown using an Axum (Rust) backend

🎵 Official source code and writeups for SekaiCTF 2025!

Scope aggregation tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!

A collection of PDF/books about the modern web application security and bug bounty.

A standalone offline HTML5 QR code generator

A collection of files with indicators supporting social media posts from Palo Alto Network's Unit 42 team to disseminate timely threat intelligence.