Domain Specialist/75% confidence

Analysis Version

Summary

Specialized offensive security developer focused on Red Team automation and vulnerability research using Go and Java. Demonstrates deep understanding of low-level network protocols and exploit chains, creating operational tools that prioritize stealth and efficacy over software engineering polish.

Score Context

Score reflects deep expertise in offensive security and systems programming, but is tempered by a lack of software engineering rigor. The developer excels at operational efficacy and research but prioritizes functionality over maintainability and testing.

Tech Stack

PrimaryGo3Java2·ProficientPython1Terraform1SSH1

Repositories

SiestaTime

Red Team Automation tool powered by go and terraform

“The developer's flagship tool demonstrating complex C2 architecture, modular design, and Red Team operational knowledge.”

View

WebRCEPoCs

Most common theorical Web RCE's with some "testing code" and PoC's to practise with (not real CVE's)

“A high-value educational resource demonstrating deep understanding of web vulnerabilities and exploit safety.”

View

Rebugo

Golang Source Code Modifications to add features

“Demonstrates the advanced technical ability to fork and modify the Go standard library for TLS fingerprinting.”

View

Pertrechos

Pertrechos is a toolbox repo. that will contain simple code-snippets in go to perform different useful actions to help OffSec. operations/projects.

“A utility belt of operational tools that showcases practical Go networking skills despite code duplication.”

View

CVEPoCs

List of software CVE's with some "testing code" alongside an "testable" real web app implementing these vulnerabilities.

“Evidence of broad research capabilities across different languages (Java, Python) and vulnerability classes.”

View

Score History

Persona

Testing Practices2/10

Repositories consistently lack automated unit tests, with explicit 'TO-DO' comments highlighting this gap.

Documentation8/10

Projects feature comprehensive READMEs and high-quality inline comments that explain complex attack logic.

Architecture6/10

Logical separation of concerns is present (e.g., build tags for OS-specific code), but relies heavily on brittle global state.

Maintainability4/10

Frequent code duplication and usage of hardcoded paths/values significantly hamper long-term maintenance.

Skills

Offensive Security Operations9/10

Demonstrates advanced knowledge in architecting C2 channels (SiestaTime) and weaponizing RCE vulnerabilities.

Go (Golang)7/10

Capable of complex systems programming and modifying standard libraries (crypto/tls), though struggles with state management.

Network Protocols8/10

Deep low-level understanding shown by implementing custom SSH handling and TLS fingerprint manipulation (JA3 spoofing).

Java6/10

Functional understanding of Java web stacks and serialization exploits, but projects lack standard build tooling (Maven/Gradle).

Vulnerability Research7/10

Extensive cataloging of CVEs and creation of educational Proof-of-Concept exploits across multiple languages.

Growth

1.Implement automated unit testing (using Go 'testing' and JUnit) to prevent regressions in critical C2 logic.

2.Refactor global variables into struct-based contexts to eliminate race conditions and improve thread safety.

3.Adopt standard build systems (Makefiles, Maven/Gradle) to streamline dependency management and ease usage.

4.Containerize vulnerable PoC environments using Docker to provide safe, reproducible research sandboxes.

5.Modernize legacy dependencies (e.g., Python 2 scripts, old Java libs) to ensure tools remain usable on modern infrastructure.

rebujacker