Security engineer who writes the tools I need and open-sources them when they might help someone else. Mostly Go, C, and Python.
CLIs that turn live SIEM and EDR platforms into code you can git diff:
secopsβ operate Google SecOps (Chronicle SIEM + Siemplify SOAR) as code β pull detection rules, parsers, dashboards, and SOAR playbooks into files, review the diff, push backs1ctlβ operate SentinelOne Singularity as code β agents, policies, exclusions, threat lifecycle, remote shellsplunkctlβ operate Splunk Enterprise SIEM as code β SPL search, detection-as-code YAML, alerts, dashboards, indexes
All three ship with machine-readable command trees and embedded agent guides β built for both humans and AI agents.
Evidence-only RAG + MCP servers that hand your AI exact legal provisions β no hallucination, no paraphrasing:
banhmiβ Vietnamese banking & fintech regulation (State Bank of Vietnam, Ministry of Justice)laksaβ Malaysian banking & fintech regulation (Bank Negara Malaysia, Securities Commission)
Small, focused clients for security and cloud platforms β each one go get-able straight off danny.vn/β¦:
| Package | Platform |
|---|---|
s1 |
SentinelOne Singularity β agents, policies, threats, remote shell |
secops |
Google SecOps β Chronicle SIEM + Siemplify SOAR |
fortigate |
FortiGate firewall REST API |
fortimgr |
FortiManager FlatUI API |
nessus |
Tenable Nessus scanner (read-only) |
vngcloud |
VNG Cloud IAM |
kaggle |
Kaggle API β kernels, datasets, token introspection |
offthebookβ memory-only Windows PE execution via SMB-over-QUIC SEC_IMAGE loading, with position-independent shellcode in pure C (MSVC + Clang)
bywayβ transparent per-app VPN bypass on Linux using cgroup v2 + nftables + policy routingflowcvcliβ drive a FlowCV rΓ©sumΓ© from the command line or Python β content, design, templates, avatar, publish & PDF export
More at danny.vn.

