Score: 74

Specialist

75% confidence

Executive Summary

Specialized offensive security developer focused on Red Team automation and vulnerability research using Go and Java. Demonstrates deep understanding of low-level network protocols and exploit chains, creating operational tools that prioritize stealth and efficacy over software engineering polish.

Score Context: Score reflects deep expertise in offensive security and systems programming, but is tempered by a lack of software engineering rigor. The developer excels at operational efficacy and research but prioritizes functionality over maintainability and testing.

Technical Arsenal

Language

Go3

Java2

Python1

Tool

Terraform1

Library

SSH1

Key Repositories

SiestaTime

Score: 9/10

Red Team Automation tool powered by go and terraform

“The developer's flagship tool demonstrating complex C2 architecture, modular design, and Red Team operational knowledge.”

View Code

WebRCEPoCs

Score: 7/10

Most common theorical Web RCE's with some "testing code" and PoC's to practise with (not real CVE's)

“A high-value educational resource demonstrating deep understanding of web vulnerabilities and exploit safety.”

View Code

Rebugo

Score: 6/10

Golang Source Code Modifications to add features

“Demonstrates the advanced technical ability to fork and modify the Go standard library for TLS fingerprinting.”

View Code

Pertrechos

Score: 5/10

Pertrechos is a toolbox repo. that will contain simple code-snippets in go to perform different useful actions to help OffSec. operations/projects.

“A utility belt of operational tools that showcases practical Go networking skills despite code duplication.”

View Code

CVEPoCs

Score: 5/10

List of software CVE's with some "testing code" alongside an "testable" real web app implementing these vulnerabilities.

“Evidence of broad research capabilities across different languages (Java, Python) and vulnerability classes.”

View Code

Developer Persona

Testing Practices

2/10

Repositories consistently lack automated unit tests, with explicit 'TO-DO' comments highlighting this gap.

Documentation

8/10

Projects feature comprehensive READMEs and high-quality inline comments that explain complex attack logic.

Architecture

6/10

Logical separation of concerns is present (e.g., build tags for OS-specific code), but relies heavily on brittle global state.

Maintainability

4/10

Frequent code duplication and usage of hardcoded paths/values significantly hamper long-term maintenance.

Skill Assessment

Offensive Security Operations

9/10

Demonstrates advanced knowledge in architecting C2 channels (SiestaTime) and weaponizing RCE vulnerabilities.

Go (Golang)

7/10

Capable of complex systems programming and modifying standard libraries (crypto/tls), though struggles with state management.

Network Protocols

8/10

Deep low-level understanding shown by implementing custom SSH handling and TLS fingerprint manipulation (JA3 spoofing).

Java

6/10

Functional understanding of Java web stacks and serialization exploits, but projects lack standard build tooling (Maven/Gradle).

Vulnerability Research

7/10

Extensive cataloging of CVEs and creation of educational Proof-of-Concept exploits across multiple languages.

Growth Areas

•Implement automated unit testing (using Go 'testing' and JUnit) to prevent regressions in critical C2 logic.
•Refactor global variables into struct-based contexts to eliminate race conditions and improve thread safety.
•Adopt standard build systems (Makefiles, Maven/Gradle) to streamline dependency management and ease usage.
•Containerize vulnerable PoC environments using Docker to provide safe, reproducible research sandboxes.
•Modernize legacy dependencies (e.g., Python 2 scripts, old Java libs) to ensure tools remain usable on modern infrastructure.

Unlock AI-powered code intelligence

Get docs, diagrams, scorecards, and reviews for any repository. Understand code faster.

Master any codebase in minutes

Cancel anytime·7-day guarantee

Compare all plans