ThreatABLE Feed

GitHub - QWED-AI/qwed-learning: 🎓 Free course on deterministic AI verification. Learn how to mathematically prove LLM output correctness using formal methods. From theory to production workflows with QWED-AI.

Account Takeover in Facebook mobile app due to usage of cryptographically unsecure random number generator and XSS in Facebook JS SDK | Youssef Sammouda (sam0) personal blog

- YouTube

AI insiders seek to poison the data that feeds them • The Register

- YouTube

Attention Required! | Cloudflare

Responsible Disclosure: Exposed 22GB SQL Backup on Bondstein Technologies (Bangladesh) Server

Petition · Create Amya’s Law to prevent child access to unsecured firearms - United States · Change.org

blazelight.dev

GitHub - nullsection/chisel-ng: Chisel new generation, written in rust. SSH under WSS with some customization.

WhisperPair: Hijacking Bluetooth Accessories Using Google Fast Pair

- YouTube

Just a moment...

- YouTube

AI-Powered Deepfake Scams Are A Pain In The Wallet

WinBoat: Drive by Client RCE + Sandbox escape. · hack.do

Multiple cross-site leaks disclosing Facebook users in third-party websites | Youssef Sammouda (sam0) personal blog

Instagram account takeover via Meta Pixel script abuse | Youssef Sammouda (sam0) personal blog

When Authorization Is Static, Risk Accumulates Silently | Cerbos

Leaking Meta FXAuth Token leading to 2 click Account Takeover | Youssef Sammouda (sam0) personal blog

StackWarp

China spies used Maduro capture as lure to phish US agencies • The Register

- YouTube

Just a moment...

Santa Cruz the First in California to Terminate Its Contract With Flock Safety | KQED

🔍 Explore assorted proof of concept exploits for software vulnerabilities, designed for educational use and responsible disclosure.

Professional security google.

proof-of-concept_artelier-

Operating System Security Fundamentals using Ubuntu

Proof of Concept exploring Spring AI capabilities

Penetration Testing Toolkit: This project focuses on the design and development of a Python-based Penetration Testing Toolkit that performs fundamental security assessments using a modular architecture.

Cyber-Security-LAB

AI for Finance Hack от Райффайзенбанк

Murder Mystery 2 Script 2026 – Keyless, mobile & PC! Silent Aim, Aimbot, Auto Shoot, Auto Farm Coins & Candy. Dominate every round with ESP, Speed Hack & more. 100% working, no key needed. Download now & level up fast!

Created an enhanced security for intrusion detection using a hybrid model

Security_Scanner

Hacking_Gadgets

60-day lesson plan to master architecting security for Spring Boot applications (Spring Boot 3 / Spring Security 6). Each day has a clear goal + hands-on deliverable.

🔥 RED DRAGON OFFICIAL BOX 🔥 ⚡ HACKER STYLE WEB TOOL ⚡

A machine learning–driven proof-of-concept for monitoring afforestation success using multi-temporal drone imagery and orthomosaic analysis. This project focuses on automated detection of sapling survival and casualties by comparing drone surveys captured

A proof of concept exploring activation control techniques based on the paper "Activation Addition: Steering Language Models Without Optimization" (Turner et al., 2023). This project tests inference time control methods as a lightweight alternative to fin

Final capstone activity for the CISCO/ParoCyber Ethical Hacking Course

Proof of Concept for Atomic Replay attacks using Time-Division Multiplexing on a single CC1101.

Promise_Hacking_Lab.

My HACKING.md file for Error Handling in Golang. Can also be imported into an AGENTS.md file.

An endpoint security agent that detects unauthorized authentication attempts and automatically collects forensic evidence for incident response.

Enterprise cloud engineer incident response runbooks covering security-led escalation, severity classification, emergency change management, and blameless postmortems.

🛡️ Cybersecurity Portfolio & CTF Writeups - SOC, Web Security, AI Security

A RESTful backend API for managing tasks and tracking productivity, featuring user authentication, task analytics, and JWT-based security built using Node.js and Express.

social-security-app

Multi-tenant, usage-based billing with enterprise-grade security and reliability

Project Argos is a high-fidelity, ML-powered security platform designed to automate threat identification and neutralise incidents in real-time. Built with a tactical React frontend and a robust Flask backend, it bridges the gap between raw telemetry and

alx-backend-security

Great place to learn cyber security https://overthewire.org/wargames/bandit/bandit1.html

As a Security Engineer for NexsusCore Technologies, i am implementing a DevSecOps pipeline for their payment processing platform.

Proof-of-concept Slate editor built using the experimental Edit Context API

This project aims to develop a Machine Learning and Image Processing Proof of Concept (PoC) for the Odisha Forest Department, which plants nearly 5 crore trees annually. The solution will automate the monitoring of sapling survival in irregular afforestat

This project integrates pfSense and Kali Linux with the ELK Stack for centralized log collection and visualization. Logs from Snort on pfSense and syslog-ng on Kali are forwarded to Logstash running in Docker on Kali. The ELK Stack parses and visualizes t

NW Hacks 2026 Hackathon project repository.

Step-by-step guide to deploy a Wazuh SIEM lab on VirtualBox using multiple virtual machines for hands-on security testing.

NW Hacks 2026 Project

This portfolio represents an enterprise-grade Cloud & Identity Security program aligned with Zero Trust Architecture (NIST 800-207), modern IAM practices, and continuous compliance frameworks including SOC 2, SOX, ISO 27001, and PCI-DSS.

Paul-Technologies-Security

Advanced MERN Stack Application featuring a pixel-perfect Dashboard, Real-time Stock Analytics (Recharts), and hardened backend security. Demonstrates mastery of React patterns, REST API design, and Production-Readiness standards.

"This course presents the purpose of Application Programming Interfaces (APIs), their functions, and how to use and manage them in the context of web development. Coding projects use various APIs to link applications and resources. Information security an

Azure custom policies for detecting configuration drift and security misconfigurations

RomHackingNet

Evaluación de riesgos de seguridad asociados a dispositivos USB que emulan HID utilizando un Arduino Leonardo. El proyecto analiza vectores de ataque básicos y propone medidas de mitigación aplicables a entornos organizacionales reales.

DevOps-Security-Assignment-2026

CyberSecurityPro

A proof-of-concept project for learning Go and OpenGL

Authentication Proof of Concept

Local security timeline for macOS - Time Machine for security events and incidents

NatiTube is a lightweight script designed to replace the standard YouTube web player with the native system player on iOS and Android devices. It enables native Picture-in-Picture, system-level gesture controls, and improved performance by bypassing the m

Ethical-Hacking-Final-Capstone-Activity

Production-ready CLI to detect dependency drift and security risks.

A lightweight, automated Web Security Audit tool built with Flask. Features real-time risk scoring, SSL certificate inspection, security header analysis, and PDF reporting.

Proof-of-concept prototype for AI-assisted SOC alert triage, demonstrating alert prioritization, explainable risk scoring, and tuning trade-offs

gemini Hack day - git hub code reviewer

Hack and Roll Hackathon project.

Full Stack Web Developer | Cyber Security Consultant | UI/UX Designer

Proof of concept for deployment of a type-1 inventory & order management system

ASSESSMENT-1_Proof-of-Concept_Artelier

we are hacking

A proof-of-concept web-based file organizer built with Node.js, Express, SQLite, and Multer. Developed as an academic project and left incomplete due to unresolved errors encountered close to submission.

This is our Hack&Roll 2026 submission! It is a gamified dashboard for students to earn achievements in their campus, and have fun along the way :)

Proof of concept for a single-node Kubernetes with an application

Hackaton United Hacks V6

UofT Hacks 13

NW Hacks 2026 project

A curated list of offensive security and OSINT conference YouTube channels.

ZeroDay. Advanced offensive security scanner for WordPress. Automatically detects misconfigurations, plugin vulnerabilities, and client-side attack surfaces (XSS, CSP bypass, ad-based risks). Built for authorized penetration testing and bug bounty researc

Production-style proof-of-concept demonstrating a headless CMS architecture using Next.js App Router and Payload CMS, including multilingual routing, dynamic content blocks, SEO metadata, and secure server-side form submissions.

It Can detect Hacker &चिटर्स

A proof-of-concept smart home simulation

Cisco Ethical hacker "Capture the Flag" Project

FORMERLY PRJ WRKN! A Proof-Of-Concept AlephOne Libretro Core!

A DIY Flipper Zero Clone on Steroids (RPi Zero 2W): A portable multi-functional hacking tool for RF (Sub-GHz/NFC/IR) auditing, powered by Kali Linux. Credit-card sized Cyberdeck for field pentesting, Far more powerful than any MCU-based device

Testing out the network diagram for Lattice using cytoscape.

Technical implementation of a cloud native data synchronization workflow. Features SQL-based data management, system troubleshooting queries and IAM security logic.

Dark hacker-vibes dashboard for hackathon Claude Code access management

This specification enables LLM coding assistants (Claude Code, Cursor, Copilot, etc.) to generate a complete, working proof of concept for a blockchain-based remittance system.

Learnt the basics of Docker Images, Containers, Networking Security, and AWS EC2 instances.

🤖 Evaluate AI competence in sysadmin tasks with ThiqahOps, a benchmark suite that ensures safe root access for AI systems managing server infrastructure.

Boilerplate de autenticación en NestJS con enfoque en seguridad y rendimiento. Incluye rotación de JWT, Cookies (HttpOnly), validación de entorno con Zod, transacciones con TypeORM y pruebas de carga con k6.

alx-backend-security

BRAG-inc-DDOS v3.1 - Advanced Slow HTTP POST Security Assessment Tool

📩 Detect spam SMS messages using machine learning and explainable AI to enhance security and privacy while gaining insights into classification decisions.

A full-stack note-taking application with secure user authentication, real-time search, and industry-standard security practices.

🌐 Configure pip to use proxies for enhanced security, efficient package management, and to bypass restrictions easily.

proof-of-concept Nim implementation of a faster RLN prover

Docker CI/CD with secrets and security scanning

This repository contains a Proof of Concept (PoC) that models the fragility of supply chains using principles of Information Thermodynamics.

A basic Python proof-of-concept that sends an oversized payload to a TCP service to demonstrate how buffer overflow conditions can occur. Built strictly for understanding memory corruption concepts in a controlled environment. Simple socket logic, loud

A simple Python proof-of-concept tool to check for Apache path traversal vulnerability (CVE-2021-41773). Detects vulnerable server versions and verifies exploitation by probing sensitive files. Built for learning CVE analysis, not mass exploitation.

This is a proof of concept for purview using CUI Patters and published labels after design sensitivity labeling and taxonomy.

DosoNet - Information Security Consulting Website

This repository contains a **Proof of Concept (PoC) Adversarial Testing Framework** designed for the Global Security Office. It automates the "Red Teaming" phase of the LLM lifecycle, probing target models for vulnerabilities such as Jailbreaks, Prompt In

🔒 Portfolio QA Engineer - Isaac Meneguini Albuquerque | Security Testing Framework com 20 projetos | Bilíngue PT/EN

voice_hacking_demo

Proof of concepts and old (obsolete) projects

A minimal, hackable Linux-based hobby OS.

My Submission to United Hacks V6

🔍 Detect and remediate leaked secrets in repositories by tracing their flow through dependencies, forks, and history with automated tools.

RAG_Proof_of_Concept

🎥 Exploit hardware gaps to evade virtualization and sandbox environments, enhancing security research and understanding of anti-VM strategies.

🛡️ Develop a vendor-neutral security operations framework for identity, segmentation, telemetry, and validation, tailored for scalability and automation.

alx-backend-security

ASSESSMENT-2_Proof-of-Concept_Artelier

🌐 Build your own operating system with MY-OS, offering advanced features and high security for a seamless user experience in 2026.

📱 Explore the source code of the mObywatel app, promoting transparency and accessibility for security audits and educational purposes.

🔍 Identify Active Directory vulnerabilities and attack paths quickly with Hackles, a fast CLI tool featuring 166 security queries for effective assessments.

spring-security-learning

Private transactions with Proof of Innocence on Solana - Built for Solana Privacy Hack 2026

a proof-of-concept script for flagging suspicious transactions based on a simple ruleset (amount, country, etc.).

My game for Hack Club's campfire flagship event!

aws-iam-multiuser-security-lab

Enterprise-grade SQL Server security auditing and permission drift detection framework designed for Senior DBA, Principal DBA, and DBRE roles.

Independent, non-advisory financial process support platform. Built on a security-first static architecture (HTML5 + Supabase + Cloudflare) to digitize legacy share recovery, IEPF, and NRI documentation workflows.

A work in progress. Move along, or try out the proof of concept and let me know how badly things broke!

A Windows-only foreground capture agent triggered by user input events, designed as a technical proof-of-concept for Win32 automation, event orchestration, and inter-process integrations.

Proof-of-concept java application about a pharmaceutical delivery system

week1-hello-world Install tools. Build a basic proof of concept.

Rapper for ERPNext and Helpdesk Proof of Concept(POC)

⚠️ NOTE: RAPID PROTOTYPE / PROOF OF CONCEPT This repository contains a "quick and dirty" HTML/JS implementation designed to validate the User Experience (UX) for a future native iOS application. The code prioritises immediate visual feedback over clean ar

Proof-of-concept (PoC) for a deep SQL agent with two subagents.

Cyber Security internship tasks by Future Interns

Solutions for OpenZeppelin Ethernaut CTF. Focus on smart contract security and gas optimization.

TBA

🚀☄️ Rocket Avoider is a high-performance web-based arcade game built with TypeScript and Tailwind CSS v4. It features a secure leaderboard system with XSS sanitization, robust JSON data handling, and a simulated virtual keyboard for a seamless mobile expe

A specialized Knowledge Graph Management System for the textile domain. Features: RBAC security, complex SQL optimization, and large-scale data import. (纺织领域知识图谱管理系统。特性：RBAC权限控制、复杂SQL调优、大数据导入。)

A collection of hands-on cybersecurity projects focused on SOC analyst skills, including threat detection, log analysis, incident response, SIEM monitoring, and security operations workflows.

A collection of OWL ontologies relating to the domains of defence, intelligence and security.

wip: Proof of concept for dabao board baremetal C SDK

Scratchpad and proof of concept codebase for exa.

Infrastructure-as-Code and cloud architecture examples on Yandex Cloud: Terraform, Kubernetes, networking, and security

A comprehensive EVE-NG-based network simulation implementing advanced enterprise networking concepts including multi-protocol routing (BGP, OSPF, EIGRP), security frameworks, high-availability and demonstrates production-ready network infrastructure desig

Ground Zero is a Bash script project for fast deployment of a hacking environment. Install your full setup, terminal config, or a pentest-ready shell in seconds

IT Security Docs

A demo application to consolidate and apply learning from the Spring Boot Mastery: With this project, I'm building a personal Journal App, showcasing my understanding of Spring Boot—from RESTful design and database integration to advanced features like va

VISOR: a fast, flexible security scanner for IaC and configs, supporting custom rules and standards.

An Intelligent Framework for QR Code Security and Authentication using DWT, CNN, and SHA-256.

Mi viaje hacia el desarrollo web: Un CRUD Fullstack (Java/Spring Boot + JS) construido desde cero. El enfoque principal es el dominio de la seguridad y la arquitectura limpia, migrando de configuraciones tradicionales a estándares modernos de Spring Secur

Random Linear Network Coding hacking

Deployed and secured an AWS EC2 web server running NGINX with cost controls and documented security decisions.

A collection of simple Python and Bash scripts I'm building as I learn cybersecurity and ethical hacking.

security-guard

This repository showcases my hands-on skill at creating a comprehensive CI/CD pipeline that automates the entire deployment process from code commit to production, including proper monitoring and security practices for a React frontend application deploye

A personal research website on AI privacy, user awareness, and security risks.

repository for players to share and find grey hack scripts

Proof of concept for an application designed to handle large-scale datasets and generate optimized exports compatible with InDesign and PowerPoint data-merge workflows.

holbertonschool-cyber_security

Hoyt's LLM Governance Framework

holbertonschool-cyber_security

🤖 Govern AI systems with the 4th.GRC™ platform, delivering automated risk compliance, policy-as-code, and assurance for responsible AI development.

🔒 Contribute to the EthStorage Trusted Setup Ceremony, ensuring security and decentralization for zk-SNARK circuits vital to our proof-of-storage algorithm.

🔍 Enhance local LLM security by testing for vulnerabilities like prompt injection, model inversion, and data leakage with this robust toolkit.

🎛️ Optimize your Fedora + Sway setup with these personal configuration files for a clean, efficient environment.

🔍 Detect credit card fraud accurately using machine learning models, analyzing extensive transaction data to enhance security and minimize risk.

🔄 Automate secrets rotation for database credentials with zero downtime, ensuring security, high availability, and scalability for your applications.

holbertonschool-cyber_security

🚀 Enhance your applications with int3rceptor, a robust interceptor library for seamless data handling in Rust and Vue.

🚀 Build scalable applications with this FastAPI template featuring PostgreSQL, JWT authentication, and multitenancy support for enhanced performance and security.

Decentralized Storage Area Network proof-of-concept that eliminates single points of failure. It utilizes IPFS, Shamir's Secret Sharing (Threshold Cryptography), and Smart Contracts for immutable records. Features include client-side encryption, Adaptive

🛡️ Detect and remove malware effortlessly with Antivirus Zap Pro, offering real-time protection and user-friendly tools for Windows security.

ExTester Code Generator is a VS Code extension that generates and repairs ExTester-based UI tests for VS Code extensions. It analyzes your manifest, proposes scenarios, and writes TypeScript tests. It can rerun tests and fix compilation and runtime failur

It is an automated Python virtual machine escape payload skipping framework that helps security researchers discover viable payload variants under strict character blacklist restrictions.

A C# tool that analyzes the 4624 and 4625 login entries in the Windows Security Event Log. A tool that quickly extracts the remote IP, username, and time information.

Network security scanner for macOS with HomeKit device discovery, vulnerability scanning, and comprehensive port detection

SunloginLPE is a local verification and analysis tool designed to help researchers Sunlogin command execution vulnerability in a controlled

These are my ethicak hacking projects while learning

🕵️♂️ Extract IOCs quickly with TotalOSINT, a client-side OSINT tool designed for privacy-first investigations in security analysis.

Proof of concept for maintaining a single application across two network zones. Updations in one zone gets migrated to the other zone via rabbitmq.

android-re-ctfs

🔍 Analyze and improve your website's performance, security, and quality with DevTeam-Test's comprehensive testing platform, all in one go.

🚀 Explore Naven Client 1.8.9 with full source code for seamless integration and development, built with dedication by Yuxing.

🚀 Build cloud-ready applications with ease using this project, designed for developers who prioritize security and user experience.

🚀 Implement Monad's consensus client and JsonRpc server for efficient transaction collection and blockchain state updates.

🔒 Obfuscate C/C++ functions at runtime on Windows to protect your code from inspection and enhance security against static analysis.

🔒 Fail CI if dependencies in your lockfile lose npm provenance or trusted publisher status, enhancing the security of your projects.

🛡️ Document your learning journey as a Cisco Junior Cybersecurity Analyst with organized notes and resources for skill development and knowledge retention.

🚀 Optimize your traffic with Pingoo, a fast and secure load balancer and API gateway featuring built-in service discovery, bot protection, and more.

🐳 Build a secure, production-ready Linux environment with Docker, leveraging multi-distribution support and infrastructure-as-code for enterprise applications.

🌐 Build a resilient, multi-AZ EKS cluster for enterprise applications, ensuring high availability and robust performance across zones.

.github

🛒 Build a powerful serverless virtual goods store using Next.js, Vercel Postgres, and Linux DO Connect for seamless shopping experiences.

A simple proof-of-concept Slack bot built with Python and slack-bolt to manage a basic release process via Slack commands.

File-Integrity-Checker

一款面向网络安全从业者的--漏洞实时情报自动推送工具（An automatic push tool for real-time information of vulnerabilities for network security practitioners）

Security-focused multimodal AI assistant with web search, voice interaction, and Ethical Hacking 'Teacher Mode

Educational Windows DLL demo about how Task Manager can be affected. Old code for learning and security awareness only. 🐙

iOS Enterprise Security Framework offers a secure, modular library for encryption, auth, and MDM built with Swift 5.9 for iOS 15+, including AES 🐙

🐙 Backend en Java con Spring Boot que verifica tokens de Google reCAPTCHA en una API REST; soporta v2/v3 y CORS listo para frontend.

Run your own HIPAA and GDPR compliant parse-server. Self-hosted, Docker-ready backend for compliant healthcare apps with easy deployment and robust access 🐙

Event Tracker is a browser-based app that tracks events with elapsed time, stored locally, no server required, featuring a responsive UI and Bootstrap icons 🐙

OS³ Security Studio is an open-source platform for hands-on cyber security education, offering modules, labs, and tutorials for aspiring security pros 🐙.

🚀 Access and manage the CapiscIO CLI easily with this Python wrapper, ensuring optimal performance across your system and architecture.

🔍 Monitor SSL/TLS certificates effortlessly with cw-agent to ensure compliance and security for your applications and services.

Proof of concept python & elisp library for working with zotero local api, especially for extraction PDF annotations.

Real-time blocklist of crypto phishing, scam, and drainer domains. Auto-updated threat intelligence for Web3 security.

🚀 Boost performance with NeonFlux, a high-performance linear algebra kernel for ARM64, optimized using NEON intrinsics for maximum efficiency.

red-teaming

🛡️ Detect and report fraudulent activities using advanced modeling techniques to enhance security and protect valuable assets.

🔍 Detect and test the security of WordPress and Joomla sites with this advanced brute-force tool for penetration testing and vulnerability assessment.

📦 Aggregate and format file contents into clean, LLM-friendly Markdown for easy sharing, code reviews, or archiving with this versatile CLI utility.

🛠️ Transform and analyze control flow obfuscation in Zelix KlassMaster™ to improve Java bytecode readability and security.

🖥️ Track local keystrokes with this Node.js CLI application, providing insights into typing activity while ensuring user control and data privacy.

🤖 Simulate realistic conversations to test and improve your AI agents, generating evaluation datasets and automating QA for reliable performance.

🌍 Discover the origin of web requests with this Safari extension, enhancing your online privacy and control over data tracking.

🛠️ Explore essential cybersecurity tools for students and teams, covering recon, web, cloud, and more for effective security workflows.

DorkEye is a Python script for ethical dorking. The goal is to identify unintentionally exposed resources, such as sensitive files, login panels or indexed directories.

Proof of Concept! Container image for a pretalx devcontainer.

Multi-Tool Offensive Security Arsenal for Red Teaming, CTF, Exploit Development, and Malware Research

Hacker News Companion browser extension

Carrusel de CVE semanal creado para Hack The cat

aws-eks-ent-multi-az-cluster

🔍 Discover crypto wallet exploits and blockchain tools for effective crypto trading and exploration with this comprehensive hacking repository.

🔍 Explore AI-integrated ransomware concepts to enhance cybersecurity awareness and prepare for evolving threats in the digital landscape.

Proof of concept code generators for Smithy for rust.

🔗 Streamline your Security Token Offering with the STO Backend API, enabling seamless user management, authentication, and integration with off-chain systems.

Renegade Platinum Wiki is a fully browsable, static documentation site built to showcase all gameplay changes introduced in the Pokémon ROM hack Renegade Platinum, created by Drayano.

A proof of concept project to implement `java.net.http` module since Java 11 for Scala Native

🔍 Build a robust Security Operations Center (SOC) with this comprehensive blueprint, featuring Splunk SIEM, automation, and enterprise-level security monitoring.

proof-of-concepts

🔍 Streamline wallet security with CryptoScanner: a safe tool for async scanning patterns, enhancing security research without risking real assets.

🛒 Build a powerful e-commerce platform with AI chat support using React, Node.js, and PostgreSQL for seamless shopping experiences.

🔐 Encrypt and decrypt Minecraft Bedrock Edition resource packs with ease using this intuitive web-based tool for enhanced security.

This app provides information on the dollar exchange rate, UIT value in Peru, Peruvian news, and news from other countries. Additionally, it includes a list of Lima districts with contact numbers for police, security services, and fire departments

A framework agnostic encryption library

🚀 Bootstrap your Fedora/RHEL system with modular scripts that simplify installation and configuration of essential tools and services.

Proof of concept on how to test some logic defined in your DB.

Web-based vulnerability scanning and management application that integrates with OpenVAS to provide comprehensive security assessments

📁 Simplify file management with the ZKIM file format, designed for seamless integration and high performance in TypeScript and Node.js applications.

🌟 Claim airdrops using the EIP-7702 method for drained wallets on the Ethereum mainnet with ease and security.

🧪 Proof of Concept for a RESTful API made with Rust and Rocket

A web security assessment tool

A validator for gradle/wrapper jar binaries, intended to be used in CI pipelines.

🔄 Update Enterprise Linux hosts using dnf, log system states, create diffs, and send reports with this Ansible role for streamlined management.

📊 Explore software quality standards with an interactive app featuring SPICE evaluation tools, security management maps, and downloadable resources.

🧿 Fetch and download VirusTotal file reports in JSON format by hash with a simple GUI. Utilize your own API key for secure access.

XposedOrNot: A digital security platform offering extensive data breach monitoring and alerts, robust privacy tools, and a community-driven approach for enhancing information security awareness and education.

🔒 Harden your Windows 10 and 11 systems with SecureWin, a PowerShell script that automates essential security measures for enhanced protection.

A FREE comprehensive step-by-step embedded hacking course covering Embedded Software Development to Reverse Engineering.

Secure-by-design and flexible Unix socket proxy. Built in memory-safe Go with zero dependencies, no shell or interpreter required in containers. A modern alternative to tecnativa/docker-socket-proxy and linuxserver/docker-socket-proxy, with powerful regex

🖼️ Embed and compress data securely in color images using Huffman coding and histogram shifting for efficient, invisible steganography.

A FREE comprehensive online Rust hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Rust from scratch.

Proof Of Concept to implement the RAII pattern in Kotlin using a compiler plugin.

📬 Manage newsletters and contacts effortlessly with a serverless system built on Cloudflare Workers, featuring robust security and versatile email support.

🛡️ Detect and prevent fraud in real-time with an ensemble system, achieving high accuracy and significant ROI for enhanced security solutions.

The enhanced and optimized DNS filter for AdGuard Home🚧

Proof-of-concept on how Antora can be used for Keycloak

Personal portfolio website showcasing my research, projects, and publications. PhD student at Wayne State University focusing on blockchain security, AI/ML, and smart contract analysis. Includes contact info, academic background, and links to Google Schol

📱 Streamline SMS testing on Android with MO Tool, a secure and reliable utility for security researchers, educators, and ethical hackers.

🚀 Unleash powerful DDoS attacks with Xillen DDoS Attacker, a hybrid tool built in Python and C++ for maximum speed and efficiency.

(C#/x86-64/VS2022/WinForms) Shows a proof of concept as to how to implement three-legged OAuth to GitHub with an arbitrary GitHub "app." The Client ID and Client Secret are specified in a config file, so they can be changed to test with any OAuth app yo

A FREE Windows C development course where we will learn the Win32API and reverse engineer each step utilizing IDA Free in both an x86 and x64 environment.

🔍 Enhance your cybersecurity skills with BiG-Hacking, a Python app offering over 200 commands for security analysis, networking, Android debugging, and web hacking.

Proof of Concept of a Price Comparison tool for different suppliers

PGP keys map to maven artifacts

🔍 Build a complete sBPF ELF from scratch, exploring each byte and using a basic SBPF program for hands-on learning.

Proof‑of‑concept IoT device registry: signatures + append‑only ledger to model secure assembly and audit trails.

Ansible role to install nginx with current security rules, including also an UFW rule.

HackerOne "in scope" domains

Public collection of random hacks and interesting code

🔍 Explore proof of concept exploits for software vulnerabilities I've discovered and responsibly disclosed, aimed at educational use.

Proof of concept for Geography / Computing cross overs

GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure reporting platform.

CVE-2025-15533 -- A vulnerability was determined in raysan5 raylib up to 909f040. Affected by this vulnerability is the function GenImageFontAtlas of the file src/rtext.c. Executing a manipulation can lead to heap-based buffer overflow. The attack can only be executed loca

CVE-2025-15534 -- A vulnerability was identified in raysan5 raylib up to 909f040. Affected by this issue is the function LoadFontData of the file src/rtext.c. The manipulation leads to integer overflow. The attack can only be performed from a local environment. The exploit

CVE-2025-15535 -- A security flaw has been discovered in nicbarker clay up to 0.14. This affects the function Clay__MeasureTextCached in the library clay.h. The manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has

CVE-2025-15536 -- A weakness has been identified in BYVoid OpenCC up to 1.1.9. This vulnerability affects the function opencc::MaxMatchSegmentation of the file src/MaxMatchSegmentation.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to lo

CVE-2025-15537 -- A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbf_file::string_value of the file plugins/input/shape/dbfile.cpp. Such manipulation leads to heap-based buffer overflow. The attack must be carried

CVE-2026-1105 -- A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly a

CVE-2026-1106 -- A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument

CVE-2026-1107 -- A weakness has been identified in EyouCMS up to 1.7.1/5.0. Impacted is the function check_userinfo of the file Diyajax.php of the component Member Avatar Handler. Executing a manipulation of the argument viewfile can lead to unrestricted upload. The attac

CVE-2026-1108 -- A security vulnerability has been detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The affected element is the function rtsp_rely_dumps. The manipulation leads to buffer overflow. An attack has to be approached locally. This prod

CVE-2026-1109 -- A vulnerability was detected in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. The impacted element is the function rtsp_parse_request. The manipulation results in buffer overflow. Attacking locally is a requirement. This product takes the

CVE-2026-1110 -- A flaw has been found in cijliu librtsp up to 2ec1a81ad65280568a0c7c16420d7c10fde13b04. This affects the function rtsp_parse_method. This manipulation causes buffer overflow. It is possible to launch the attack on the local host. Continious delivery with

CVE-2026-1111 -- A vulnerability has been found in Sanluan PublicCMS up to 5.202506.d. This impacts the function Save of the file com/publiccms/controller/admin/sys/TaskTemplateAdminController.java of the component Task Template Management Handler. Such manipulation of th

CVE-2026-1112 -- A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Per

CVE-2026-1118 -- A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/add_activity.php. Performing a manipulation of the argument Title results in sql injection. It is possible to initiate the attac

CVE-2026-1119 -- A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. It is possible to laun

CVE-2026-1120 -- A vulnerability has been found in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_work.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be i

CVE-2026-1121 -- A vulnerability was found in Yonyou KSOA 9.0. This affects an unknown function of the file /worksheet/del_workplan.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched re

CVE-2026-1122 -- A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/work_info.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated re

CVE-2026-1123 -- A vulnerability was identified in Yonyou KSOA 9.0. Affected is an unknown function of the file /worksheet/work_mod.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument ID leads to sql injection. The attack may be launched rem

CVE-2026-1124 -- A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_report.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in

CVE-2026-1125 -- A weakness has been identified in D-Link DIR-823X 250416. Affected by this issue is the function sub_412E7C of the file /goform/set_wifidog_settings. Executing a manipulation of the argument wd_enable can lead to command injection. The attack can be execu

CVE-2025-15530 -- A vulnerability was determined in Open5GS up to 2.7.6. This affects the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request of the file /src/sgwc/s11-handler.c. Executing a manipulation can lead to reachable assertion. The attack can b

CVE-2025-15531 -- A vulnerability was identified in Open5GS up to 2.7.5. This vulnerability affects the function sgwc_bearer_add of the file src/sgwc/context.c. The manipulation leads to reachable assertion. The attack is possible to be carried out remotely. The exploit is

CVE-2025-15532 -- A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released

CVE-2026-0517 -- CVE-2026-0517 is a denial-of-service vulnerability in versions of Secure

CVE-2026-0518 -- CVE-2026-0518 is a cross-site scripting vulnerability in versions of

CVE-2026-0519 -- In Secure Access 12.70 and prior to 14.20, the logging

CVE-2026-1048 -- A weakness has been identified in LigeroSmart up to 6.1.26. Impacted is an unknown function of the file /otrs/index.pl?Action=AgentTicketZoom. This manipulation of the argument TicketID causes cross site scripting. It is possible to initiate the attack re

CVE-2026-1049 -- A security vulnerability has been detected in LigeroSmart up to 6.1.26. The affected element is an unknown function of the file /otrs/index.pl. Such manipulation of the argument TicketID leads to cross site scripting. It is possible to launch the attack r

CVE-2026-1050 -- A flaw has been found in risesoft-y9 Digital-Infrastructure up to 9.6.7. This affects an unknown function of the file source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java of the component REST Authenticate Endpoint. Executing a manipulation can

CVE-2026-1059 -- A security vulnerability has been detected in FeMiner wms up to 9cad1f1b179a98b9547fd003c23b07c7594775fa. Affected by this vulnerability is an unknown functionality of the file /src/chkuser.php. The manipulation of the argument Username leads to sql injec

CVE-2026-1061 -- A vulnerability was detected in xiweicheng TMS up to 2.28.0. Affected by this issue is the function Upload of the file src/main/java/com/lhjz/portal/controller/FileController.java. The manipulation of the argument filename results in unrestricted upload.

CVE-2026-1062 -- A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the

CVE-2026-1063 -- A vulnerability has been found in bastillion-io Bastillion up to 4.0.1. This vulnerability affects unknown code of the file src/main/java/io/bastillion/manage/control/AuthKeysKtrl.java of the component Public Key Management System. Such manipulation leads

CVE-2026-1064 -- A vulnerability was found in bastillion-io Bastillion up to 4.0.1. This issue affects some unknown processing of the file src/main/java/io/bastillion/manage/control/SystemKtrl.java of the component System Management Module. Performing a manipulation resul

CVE-2026-1066 -- A vulnerability was detected in kalcaddle kodbox up to 1.61.10. This issue affects some unknown processing of the file /?explorer/index/zip of the component Compression Handler. The manipulation results in command injection. The attack may be launched rem