~/red_team_engagement.md
Red Team Engagement
Full-scope adversary emulation with PoC chains and prioritized remediation actions.
Cobalt StrikeActive DirectoryWindows
$ ls ./projects/
Projects & engagements
A selection of offensive security work — engagements I deliver to clients and open-source exploits I've published for disclosed CVEs.
// engagements
~/va_pt_engagement.md
VA/PT Engagement
Automated & manual testing across web, API, network, cloud — exploit-evidenced findings with remediation steps.
NessusBurp SuiteAppSecWeb
~/source_code_review.md
Source Code Review
Manual review for backend/frontend with annotated vuln snippets, severity, patches and a secure-coding checklist.
PythonJavaScriptPHPAppSec
~/network_configuration_review.md
Network Configuration Review
Comprehensive review of network architectures, configs and security controls for hardened deployment.
RouterSwitchFirewall
~/anti_ctfd_solution.md
Anti-CTFd Solution
Engineered containerized environments for CTFs with unique per-team flags to prevent sharing.
PythonDockerWeb
~/ctfd_discord_integration.md
CTFd ↔ Discord Integration
CTFd plugin that automates user verification, syncs nicknames with CTFd usernames and assigns roles.
PythonBackendBot
// published CVE exploits
CVE-2023-38646
Metabase Pre-auth RCE
Python · ★ 15
CVE-2023-49070
Apache OFBiz Pre-auth RCE
Python · ★ 1
CVE-2022-22965
Spring4Shell RCE
Python · ★ 3
CVE-2021-41349
Microsoft Exchange Server Spoofing
HTML · ★ 5
More research and write-ups on blog.0xrobiul.me — covering Bug Bounty, CSRF, RCE, Broken Link Hijacking and CTF walkthroughs.