I specialize in Offensive Cyber Operations, including Adversary Emulation and Penetration Testing. I build tools that help security professionals simulate real-world threats and test defenses in restrictive environments.
β‘ Fun fact: I use Arch btw
π΅οΈ Unkn0wnC2
DNS-based Command & Control framework for Red Team adversary emulation
- Shadow Mesh Architecture - Multi-domain beacons for improved throughput and resilience
- Malleable Timing - Control both beacon check-in and data exfiltration timing to evade detection
- AES-256-GCM Encryption with Base36 DNS-safe encoding
- Built for highly restrictive environments (e.g., cloud VPCs with DNS-only egress)
π HolePunch (WiP)
UDP hole punching VPN-like tool for P2P connections through NAT
- Establishes encrypted peer-to-peer connections through firewalls
- XChaCha20-Poly1305 encryption with X25519 key exchange
- Lightweight orchestration server for NAT traversal coordination
- Perfect for Red Team infrastructure and covert channels
π₯· DNS-Exfil
DNS Exfiltration Server & Client for DNS Exfil Proof of Concept
- Exfiltrates arbitrary data via DNS as a covert channel
- AES-256-GCM Encryption with Base36 DNS-safe encoding
- Exfiltrates using A-records or TXT-records
- Very quick, great for generating DNS logs/alerts
- Created as a Proof-of-Concept to validate exfiltration over DNS
| Repository | Description |
|---|---|
| Simple-DNS-Server | Lightweight DNS server in Go |
| NessusMerge | Merge Nessus scan results |
| data-generator | Generate files with arbitrary data |
| Python-HTTP-Post/Get-Server | POST or GET files instead of boring old GET |
Building tools for authorized security testing only π