Tools and blogs I use to perform GCP red teams

Production-grade engineering skills for AI coding agents.

🕵️‍♂️ Collect a dossier on a person by username from 3000+ sites

Publications from Calif

Asymmetric defense against adversarial AI agents. VeilGate evaluates each incoming request, redirects suspected agents into a per-IP-consistent honeypot environment, and quantifies the computationa…

Deterministic Linux runtime enforcement with eBPF LSM: block file/network operations before syscalls complete.

Free email OSINT tool, 2500+ platforms, identity clustering, breach detection. No API keys required. pip install mailaccess

Prompt injection honeypot — naive AI in Docker sandbox follows all injected instructions, dumb extractor checks the logs

A cross-platform Python agent that detects and responds to the Realm C2 framework and its implants.

Daily security newsletter — HN curation + Claude summaries + web UI

Discord slash command bot — ASCII art, MorkBorg/CY_BORG/Dying Light RPG system

Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively u…

Linux Shared Library to Shellcode Loader

⚡ KCP - A Fast and Reliable ARQ Protocol

Static analysis scanner for SKILL.md LLM agent skills with deterministic security findings.

Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we confi…

A dependency manager for agentic development

Labs for Practical Malware Analysis & Triage

Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground 🚀

A collection of manifests that will create pods with elevated privileges.

Read your tfstate or HCL to generate a graph specific for each provider, showing only the resources that are most important/relevant.

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

A Post-exploitation Toolset for Interacting with the Microsoft Graph API

A community trust management system based on explicit vouches to participate.

The Azure Execution Tool

AppLocker-Based EDR Neutralization

Lateral Movement via Bitlocker DCOM interfaces & COM Hijacking