Projects

Open-source tools, automation scripts, and research - built in my lab and in the wild.

in dev

SentinelCPP

Lightweight EDR agent for Windows written in C++17. Performs real-time process monitoring via the Toolhelp32 API (500 ms snapshots), extracts executable paths and PPID metadata, and applies path-based heuristics to detect masqueraded system binaries - e.g. svchost.exe or lsass.exe spawned outside System32. Suspicious processes are automatically terminated and all security events are written to a structured incident log with INFO / WARN / CRITICAL severity levels. Roadmap includes ETW-based monitoring, DLL-injection detection, and registry persistence tracking.

C++, Windows, EDR, Blue Team, Threat Detection, Win32 API
View on GitHub →
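The path-based masquerade heuristic described above, as an added example that is not SentinelCPP's own code: the check is reduced to a pure function over the full image path so it can be unit-tested without the Toolhelp32 snapshot loop. The protected-name list, the hard-coded `C:\Windows\System32` location and the decision to log an unreadable image path as WARN are assumptions of this example, not details taken from the project.

```cpp
// Added example (not SentinelCPP code): classify one process by its
// image path, returning the severity the incident log would record.
#include <algorithm>
#include <cctype>
#include <set>
#include <string>

enum class Severity { INFO, WARN, CRITICAL };

// Binaries that legitimately live only under System32 (constructed list
// for this example; a real agent would maintain its own).
static const std::set<std::string> kProtectedNames = {
    "svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"};

// Assumption: %SystemRoot% is C:\Windows. Compared after normalisation.
static const std::string kSystem32 = "c:\\windows\\system32";

// Lower-case the path and fold forward slashes so "C:/Windows/System32"
// and "c:\windows\system32" compare equal.
std::string normalizePath(std::string p) {
    std::transform(p.begin(), p.end(), p.begin(), [](unsigned char c) {
        return static_cast<char>(std::tolower(c));
    });
    std::replace(p.begin(), p.end(), '/', '\\');
    return p;
}

// INFO     - nothing suspicious
// WARN     - image path unavailable (e.g. OpenProcess denied), so the
//            heuristic could not run; assumption: still worth logging
// CRITICAL - a protected system binary name running outside System32,
//            including from a subdirectory such as System32\wbem
Severity classifyImagePath(const std::string& rawPath) {
    if (rawPath.empty()) return Severity::WARN;
    const std::string path = normalizePath(rawPath);
    const auto slash = path.find_last_of('\\');
    const std::string dir =
        slash == std::string::npos ? "" : path.substr(0, slash);
    const std::string name =
        slash == std::string::npos ? path : path.substr(slash + 1);
    if (kProtectedNames.count(name) == 0) return Severity::INFO;
    return dir == kSystem32 ? Severity::INFO : Severity::CRITICAL;
}
```

A 32-bit svchost.exe legitimately runs from SysWOW64, so a deployment that expects it would widen the allow-list rather than suppress the alert.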
active

TL-WR841N Hardware Exploitation

Full hardware security audit of the TP-Link TL-WR841N consumer router. The unpopulated UART header on the J3 connector was identified with a multimeter, and a root shell was obtained through an FT232 USB-to-TTL adapter at 115200 baud using default credentials. From there, WPA2 passphrases were recovered in clear text from RAM-disk files, MTD flash partitions were dumped directly through the /dev/mtdblock devices, and active network listeners were decoded from the raw /proc/net/tcp hex descriptors without any standard tooling. The audit demonstrates that the absence of userspace utilities such as netstat or wget provides no real defence: the kernel interfaces alone are sufficient for complete compromise. Documented as a reference for embedded Linux attack-surface analysis on MIPS-based IoT devices running BusyBox.

Hardware Hacking, IoT, UART, Embedded Linux, MIPS, Red Team
View on GitHub →