// OPERATOR IDENTIFIED

KenjiXsS

Pentest · AppSec · Purple Team

// PROJECT INVENTORY

security

Cryptofile

A set of tools for file encryption, including a secure file explorer and an automatic encryptor.

PythonCryptographyGUI

monitoring

Dexter

A shell script with a collection of security recon tools for CTFs and bug bounty.

BashDockerCybersecurity

api

Task Manager API

An HTTP API in C to manage tasks, integrated with a simple HTML/JavaScript frontend.

CHTTPHTML/JS

iot

Raspberry Pi Network Monitor

An HTTP server on the Raspberry Pi Pico W to monitor networks and firewalls via Wi-Fi.

CRaspberry PiIoT

web

SINGED FastAPI

A full-stack system for device management integrated with INSS, using FastAPI.

PythonFastAPIHTML/CSS/JS

web

SINGED Django

Django version of the SINGED application for device management.

PythonDjangoHTML/CSS/JS

web

E-commerce Frutas

A modern and responsive e-commerce platform specialized in fruits.

ReactNode.jsMongoDB

web

Go Scraper

A Golang web scraping tool built for studies and data extraction.

Golang

web

Neural Network Visualizer

An Anime.js web app to visualize neural networks learning progress.

TypeScriptNode.jsHTML/CSS

web

Flashcard Tool

A web tool to create and study flashcards interactively.

TypeScriptHTML/CSS

api

Ruby API Boilerplate

An API boilerplate built with Ruby on Rails.

Ruby

// WRITEUPS — CTF LOG

InsaneHackTheBox

Whiterabbit

Multi-layered challenge with deep enumeration and chained unique vulnerabilities across several technologies.

weblinux
EasyHackTheBox

Artificial

Exploit vulnerabilities in malicious TensorFlow models to achieve RCE, escalate privileges, and capture flags.

weblinux
MediumHackTheBox

Editor

XWiki RCE exploitation and Privilege Escalation via Netdata (CVE-2024-32019).

weblinux
HardHackTheBox

Eureka

Java Heapdump extraction and exploitation.

weblinux
MediumHackTheBox

Nocturne

PHP injection and CVE-2023-46818 exploitation chain.

weblinux
MediumHackTheBox

Outbound

Roundcube email service exploitation for initial access and privilege escalation.

weblinux
MediumHackTheBox

Gavel

Credential reuse, insecure SUID binary and PHP config abuse leading to root compromise.

weblinuxprivescphp
HardHackTheBox

MonitorsFour

IDOR, credential reuse, authenticated Cacti RCE and Docker API abuse leading to full host compromise.

weblinuxdockeridor
HardHackTheBox

NanoCorp

Active Directory compromise via DNS poisoning, NTLM relay, Kerberos abuse and WinRM access.

active-directorywindowsntlmkerberos
HardHackTheBox

Fries

pgAdmin authenticated RCE followed by AD CS abuse (ESC6 + ESC16) to obtain Domain Admin access.

active-directoryadcswindowscertificate-abuse
HardHackTheBox

Eloquia

OAuth CSRF leading to admin takeover, DLL upload abuse, SQLite extension execution and binary hijacking.

weboauthcsrfwindows
MediumHackTheBox

Eighteen

SQL Server credential abuse, password reuse and BadSuccessor AD exploitation to gain Domain Admin.

windowsactive-directorysql-serverkerberos
[ VIEW FULL REPOSITORY ]

// BUG BOUNTY — FINDINGS LOG

6FINDINGS
$7,550TOTAL PAID
2CRITICAL
2PLATFORMS

// TRANSMIT MESSAGE

// CONTACT DATA