security researcher

hi, i'm r00t26.
i break things
and write about it.

Security engineer · security researcher. I document my findings, build open-source tools, and share writeups.

⚑ writeups ⚙ my tools
bash — r00t26@kali
~/$ whoami
security engineer · researcher · perpetual tinkerer

~/$ cat interests.txt
web exploitation, network exploitation, reverse engineering, osint

~/$ ls -la ./certs
Security+, Pentest+, CEH, CISSP

~/$ _

recent writeups

6 total view all →
Hard web
CVE-2026-32746
A breakdown of CVE-2026-32746, a CVSS 9.8 unauthenticated pre-auth RCE in GNU inetutils telnetd c...
CVE Breakdown Apr 2026
Easy linux
Cap
IDOR vulnerability on a security dashboard exposes a pcap containing plaintext FTP credentials, l...
CTF Mar 2026
Hard web
Ni8mare — CVE-2026-21858
A breakdown of CVE-2026-21858, a CVSS 10.0 unauthenticated RCE vulnerability in n8n caused by Con...
CVE Breakdown Mar 2026
Hard web
Pwning the Protector — CVE-2025-69258
A breakdown of CVE-2025-69258, an unauthenticated RCE vulnerability in Trend Micro Apex Central c...
CVE Breakdown Jan 2026
Medium web
React2Shell — CVE-2025-55182
A breakdown of CVE-2025-55182, a CVSS 10.0 unauthenticated RCE vulnerability.
CVE Breakdown Dec 2025
Hard web
WSUS RCE — CVE-2025-59287
A breakdown of CVE-2025-59287, a CVSS 9.8 unauthenticated RCE vulnerability in Windows Server Upd...
CVE Breakdown Nov 2025

tools

3 total view all →
Python
subhunt
Async subdomain bruteforcer with wildcard DNS detection to cut down on false positives. Fast, cle...
Python github ↗
Python
portknock
Async port knocking tool with post-knock scanning and banner grabbing.
Python github ↗
Python
ipcheck
A simple CLI based utility that can check the reputation of IPs using the AbuseIPDB API.
Python github ↗

cheatsheets

3 total view all →