Telnet Honeypot
Minimal Rust honeypot using a thread-per-connection model and an explicit state machine. Captures attacker credentials and simulates a believable shell — catches real attackers in the wild.
I'm an undergrad CS student who's been deep in the weeds of systems and security for as long as I can remember.
Started with the usual — C, then quickly fell down the rabbit hole of how things actually work underneath. Built things close to the metal: a custom HTTP server from scratch parsing raw TCP bytes, a honeypot in Rust catching real attackers in the wild, utilities that talk directly to Linux kernel APIs. Got into CTFs, then started writing about them. Somewhere along the way I went from solving wargame levels to building and hosting one for 150+ people at my institute.
The security side pulled me in hard — reverse engineering, binary exploitation, privilege escalation, network security. Tools like GDB, Ghidra, Wireshark became second nature. Picked up Rust because I wanted memory safety without giving up control. Learned assembly because I wanted to know what the compiler was hiding from me.
Now I spend time in the intersection of systems internals and security — kernel mechanics, eBPF, namespaces, the stuff that most people treat as a black box. Red team and blue team both interest me equally.
TLDR, I know where the bodies are buried, and I probably put them there.
C, Assembly (x86 & ARM), C++, Rust, Python, MySQL, HTML, CSS, JS
CTF, pentesting, networking, Linux internals, reverse engineering, binary exploitation
GDB, Ghidra, IDA Pro, Rizin/Cutter, Wireshark, Nmap, Burp Suite, John, Hydra, Gobuster
drawing, photography, chess, rubik's cube, eBPF, kernel namespaces
Minimal Rust honeypot using a thread-per-connection model and an explicit state machine. Captures attacker credentials and simulates a believable shell — catches real attackers in the wild.
Low-level C implementation of runtime-only code execution using anonymous memory mappings, permission transitions (RW→RX), and memory wiping to resist static analysis.
HTTP/1.0 server in C that treats TCP as a raw byte stream, enforces server-side trust boundaries, and avoids heap allocation in the request path for predictable memory behavior.
Linux kernel-level keylogger using /dev/input event files. Captures all keystrokes at the device layer, below X11/Wayland — works in terminals, GUIs, and TTYs alike.
From-scratch hexdump utility in C that reads raw input byte-by-byte and displays hexadecimal offsets, byte values, and a printable ASCII view — faithful to the classic hexdump tool.
Privacy-focused web tool that removes EXIF metadata from images directly in your browser. No uploads, no tracking, no server — everything happens locally.
Smooth Manim animation demonstrating the Undo-Redo stack mechanism. Color-coded stacks, smooth transitions, and a clean visual model of text edit history.
Full chess engine in C++ using polymorphic pieces, move validation, check/checkmate detection, and special moves. Console-based visualization with proper chess rules.
CTF walkthroughs, OverTheWire solutions, and pentesting notes:
Linux and SSH-based wargame — file permissions, privilege escalation, shell navigation
Web exploitation series — HTML source, HTTP, cookies, server-side scripting
Reverse engineering series — binaries, SUID permissions, ltrace / strace debugging
SUID binaries, sudo rights, cron jobs, kernel exploits and misconfigured services
Web app pentesting methodology — recon, application mapping, auth analysis, exploitation
AWS cloud exploitation and security configurations — S3 bucket leaks, IAM policies, and global credentials
Linux commands, Windows fundamentals, PowerShell, networking, packet analysis
TryHackMe Valentine's CTF — Cupid's matchmaker, TryHeartMe, ValenFind and more
Every published writeup — Bandit, Natas, and beyond, sorted by date and topic
Feel free to contact me for anything~