A collection of offensive and defensive security tools built for research, education, and authorized lab environments. Each project targets a specific domain of security engineering, from kernel-level persistence to network traffic analysis to ML-based threat detection.
All tools are built for educational purposes and controlled lab environments only. No tool in this repository is intended for use against systems without explicit authorization.
| Project | Language | Description |
|---|---|---|
| StealthyRootkit | C | Kernel-level LKM rootkit demonstrating syscall hooking, process hiding, and file system stealth. Built to understand how kernel-level persistence actually works at the syscall table level. |
| MalwareC2Server | Python | Command-and-control simulation framework modeling real-world attacker infrastructure: server/client comms, task queuing, and execution flows. Built for red team simulation and C2 detection research. |
| ReverseShell_AES | Python | Encrypted reverse shell using AES to understand how defenders can detect (or miss) encrypted callback channels. Used for testing network monitoring and DPI setups. |
| Simplified Keylogger | Python | Basic keylogger demonstrating OS-level input interception. Built as part of endpoint detection research. Understanding what keyloggers do is a prerequisite to catching them. |

| Project | Language | Description |
|---|---|---|
| Tartarus Gate | Rust · Python | Multi-layer security platform. WAF (Iron Veil) + ML-based malware classification (BloodHound) + threat neutralization (Reaper). Moved to a standalone repo. |
| PhishingDetector | Python | URL and content analysis pipeline for phishing site classification. Combines heuristic rules with ML-based scoring across multiple signal types. |
| DNSSpoof_Detector | Python | Network monitor that detects DNS spoofing and cache poisoning attempts in real time by analyzing response consistency and TTL anomalies. |

| Project | Language | Description |
|---|---|---|
| Portscanner | Python | Multi-threaded TCP/UDP port scanner with service fingerprinting and configurable scan profiles. |
| ViperFang | Python | Network traffic analysis and anomaly detection tool. Moved to a standalone repo. |
| Nemesis | Python | Automated vulnerability scanning and enumeration framework. Moved to a standalone repo. |

| Project | Language | Description |
|---|---|---|
| SteganographyDetector | Python | Detection tool for LSB and frequency-domain steganography in image and audio files. Counterpart to covert channel research. |
Technologies: Python, C, Linux Kernel (LKM), Syscall Hooking, Scapy, Scikit-learn, Socket Programming, AES Encryption, Multi-threading
These projects were built progressively, each one targeting a specific gap in my understanding of a security domain. The pattern is consistent: build the offensive tool to understand it, then build the detection mechanism to catch it.
The rootkit taught me more about how AV evasion works than any blog post. The C2 server taught me what beaconing patterns look like on the wire. The phishing detector forced me to think about what actually differentiates a convincing phishing page from a legitimate one at a feature level.
Security is easier to defend when you've built the attack.
- All tools are built in isolated lab environments (local VMs, private networks)
- No tool has been used against systems without authorization
- Source code is shared for educational purposes. Understanding attack techniques is foundational to building effective defenses.
- HackTheBox, CTF environments, and personal lab infrastructure are the intended deployment targets
- Tartarus Gate: the production-grade evolution of this research, a full security platform
- Vehicle Threat Model: STRIDE threat modeling applied to automotive ECU architecture
- Automotive Security Demo: secure communication implementation derived from the threat model