> socials
> Security Researcher · Blockchain · Exploits · AI Agents
> gpt-3 'who is tintinweb'
> attack --surface
Smart Contracts · P2P Networks · Protocols · Cryptographic Implementations · Embedded Devices
> whoami
- improve Security for the Ethereum Ecosystem
- review complex Smart Contract Systems and Off-Chain components
- research new attack vectors and practice Responsible Disclosure
- buidl useful Tools to satisfy the lazy efficiency monk in me
- buidl AI-powered security agents and coding assistants
- led InfoSec for a major European corporation
- am on the Ethereum & Ethereum 2.0 Vulnerability Leaderboard
- am #39 in theCyber
- disclosed multiple vulnerabilities in cpp-ethereum, mist, parity, bitcoin-core, and bitcoin miners
- broke parts of Android, OpenSSH, PuTTY, Python, various Web Applications, and Embedded Devices
> featured
🥷 Vulnerability Research / Offensive
- pub - Public vulnerability disclosures & PoCs
- ecdsa-private-key-recovery - ECDSA nonce-based key recovery
- scapy-ssl_tls - SSL/TLS layers for Scapy
- electron-inject - Inject JS into Electron apps
- striptls - STARTTLS stripping attack proxy
- aggroArgs - Buffer overflow vulnerability testing
🔬 Security Research & Tools
- smart-contract-sanctuary - A home for ethereum smart contracts
- smart-contract-vulndb - Open smart contract audit issue dataset
- solidity-shell - Interactive Solidity shell
- semgrep-rules - Low noise Semgrep security rules
- bugbounty-companion - Bug bounty code-base checker
VSCode Extensions · marketplace
- vscode-interactive-graphviz - Interactive Graphviz Dot Preview
- vscode-decompiler - Decompile things from VSCode
- vscode-inline-bookmarks - Inline bookmarks
- vscode-solidity-language - Solidity Language & Themes
- vscode-solidity-flattener - Solidity Contract Flattener
- vscode-solidity-auditor - Solidity Visual Developer
- vscode-vyper - Vyper language support
- solgrep - Scriptable semantic grep for Solidity
🤖 AI / Agent Ecosystem
- claude-code-container - Docker container for Claude Code
- vscode-chonky - Superhuman LLM Auditing Agent for Solidity
- pi-gitnexus - GitNexus knowledge graph integration for Pi
- pi-subagents - Sub-agents for Pi with parallel execution
- pi-messenger-bridge - Bridge messengers into Pi
- pi-manage-todo-list - Structured todo list management for Pi
- chonky-task-manager-mcp - Task management with MCP server
- pi-supervisor - Pi extension that supervises the coding agent
- vscode-chonky-remote-pilot - Multi-transport chat bridge for VS Code
- pi-schedule-prompt - Scheduling and reminding via prompt execution
- vscode-pi-model-chat-provider - VSCode Language Model Chat Provider for Pi
> trophy
OS agnostic, any programming language, any architecture, things will be reverse engineered if needed.
- SSL DROWN attack / Hon. mention
- Ethereum Bug Bounty
- Ethereum 2.0 Bug Bounty
- Research
- npm
Public Disclosures - 40+ vulnerabilities across:
- Android - CVE-2017-13208 · RCE via DHCP out-of-bounds write (Android 5.1-8.1)
- OpenSSH - CVE-2016-3115 · CRLF injection to bypass shell-command restrictions
- PuTTY - CVE-2016-2563 · Stack-based buffer overflow RCE via SCP
- Python - CVE-2016-0772 · StartTLS stripping in smtplib
- Ethereum - Mist browser arbitrary command execution, Parity SOP bypass, Trinity & Teku DoS
- Nim - 6 CVEs including arbitrary code execution via package metadata
- IPFS - Path traversal, IPNS downgrading & takeover, CORS bypass
- Bitcoin miners - RCE & directory traversal in cgminer, bfgminer, Claymore
Be a Hero, tip a 🍺 Ƀ: 1AZMeGVfCBbYwVYyG9s79pJDyocTZgiApa | Ξth: 0x438B38E30eF117C15fBfF833f9C2c70182925815







