> socials
> Security Researcher ยท Blockchain ยท Exploits ยท AI Agents
> gpt-3 'who is tintinweb'
> attack --surface
Smart Contracts ยท P2P Networks ยท Protocols ยท Cryptographic Implementations ยท Embedded Devices
> whoami
- improve Security for the Ethereum Ecosystem
- review complex Smart Contract Systems and Off-Chain components
- research new attack vectors and practice Responsible Disclosure
- buidl useful Tools to satisfy the lazy efficiency monk in me
- buidl AI-powered security agents and coding assistants
- led InfoSec for a major European corporation
- am on the Ethereum & Ethereum 2.0 Vulnerability Leaderboard
- am #39 in theCyber
- disclosed multiple vulnerabilities in cpp-ethereum, mist, parity, bitcoin-core, and bitcoin miners
- broke parts of Android, OpenSSH, Putty, Python, various Web Applications, and Embedded Devices
> featured
๐ฅท Vulnerability Research / Offensive
- pub - Public vulnerability disclosures & PoCs
- ecdsa-private-key-recovery - ECDSA nonce-based key recovery
- scapy-ssl_tls - SSL/TLS layers for Scapy
- electron-inject - Inject JS into Electron apps
- striptls - STARTTLS stripping attack proxy
- aggroArgs - Buffer overflow vulnerability testing
๐ฌ Security Research & Tools
- smart-contract-sanctuary - A home for ethereum smart contracts
- smart-contract-vulndb - Open smart contract audit issue dataset
- solidity-shell - Interactive Solidity shell
- semgrep-rules - Low noise Semgrep security rules
- bugbounty-companion - Bug bounty code-base checker
- vscode-interactive-graphviz - Interactive Graphviz Dot Preview
- vscode-decompiler - Decompile things from VSCode
- vscode-inline-bookmarks - Inline bookmarks
- vscode-solidity-language - Solidity Language & Themes
- vscode-solidity-flattener - Solidity Contract Flattener
- vscode-solidity-auditor - Solidity Visual Developer
- vscode-vyper - Vyper language support
- solgrep - Scriptable semantic grep for Solidity
๐ค AI / Agent Ecosystem
- claude-code-container - Docker container for Claude Code
- vscode-chonky - Superhuman LLM Auditing Agent for Solidity
- pi-gitnexus - GitNexus knowledge graph integration for Pi
- pi-subagents - Sub-agents for Pi with parallel execution
- pi-messenger-bridge - Bridge messengers into Pi
- pi-manage-todo-list - Structured todo list management for Pi
- chonky-task-manager-mcp - Task management with MCP server
- pi-supervisor - Pi extension that supervises the coding agent
- vscode-chonky-remote-pilot - Multi-transport chat bridge for VS Code
- pi-schedule-prompt - Scheduling and reminding via prompt execution
- vscode-pi-model-chat-provider - VSCode Language Model Chat Provider for Pi
> trophy
OS agnostic, any programming language, any architecture, things will be reverse engineered if needed.
- ๐ - SSL DROWN attack / Hon. mention
- ๐ - Ethereum Bug Bounty
- ๐ - Ethereum 2.0 Bug Bounty
- ๐ - Research
- ๐ - npm
๐ Public Disclosures โ 40+ vulnerabilities across:
- Android โ CVE-2017-13208 ยท RCE via DHCP out-of-bounds write (Android 5.1โ8.1)
- OpenSSH โ CVE-2016-3115 ยท CRLF injection to bypass shell-command restrictions
- PuTTY โ CVE-2016-2563 ยท Stack-based buffer overflow RCE via SCP
- Python โ CVE-2016-0772 ยท StartTLS stripping in smtplib
- Ethereum โ Mist browser arbitrary command execution, Parity SOP bypass, Trinity & Teku DoS
- Nim โ 6 CVEs including arbitrary code execution via package metadata
- IPFS โ Path traversal, IPNS downgrading & takeover, CORS bypass
- Bitcoin miners โ RCE & directory traversal in cgminer, bfgminer, Claymore