Security researcher building practical security systems across AppSec, AI/MCP security, DFIR, malware analysis, OSINT, deception, reverse engineering, and applied cryptography.
Portfolio and project docs: allsmog.github.io
My best work is not just scanners. I build operator tools that preserve evidence, run locally when possible, expose clear proof state, and turn noisy security data into defensible next actions.
| Project | Why it stands out | Domain |
|---|---|---|
| Kuzushi | Evidence-backed repository security workbench with a native Rust CLI/TUI, local-first scans, persisted findings, proof state, trace artifacts, SARIF, and PR review output. | AppSec, SAST, security workbench |
| Detonate | Malware analysis sandbox with Docker/QEMU execution, process and network telemetry, Suricata, YARA, threat-intel enrichment, STIX/HTML reports, and a hands-on reversing curriculum. | Malware analysis, sandboxing |
| VolatilityAI | Volatility3 memory forensics companion with deterministic rules, grounded LLM analysis, timelines, report diffing, MITRE ATT&CK mapping, and persistent investigation sessions. | DFIR, memory forensics |
| SignalTrace | Real-time OSINT dashboard on React, Leaflet, Hono, and Cloudflare Workers, combining conflict events, thermal hotspots, AIS, ADS-B, BGP anomalies, radiation, earthquakes, and humanitarian feeds. | OSINT, crisis monitoring |
| zkdpop-go | Go framework for Schnorr zero-knowledge login and DPoP-bound JWTs with replay protection, sender-constrained tokens, and resource-server middleware. | Applied crypto, authentication |
| RevGraph | Reverse engineering graph intelligence SDK using Neo4j, BCC/Ghidra artifacts, NL2Cypher, embeddings, similarity search, YARA generation, and MCP tools. | Reverse engineering |
| Yokai | Supply-chain deception platform with fake package registries, canary packages, typosquat monitoring, MITRE mapping, SARIF, webhooks, and tripwire reports. | Supply-chain security |
| Sasoi | Autonomous deception orchestration with specialized agents for enrichment, investigation, strategy, and response across honeypots, honeytokens, cloud decoys, and K8s traps. | Deception, threat intel |
| Project | Focus |
|---|---|
| mcp-pentest | MCP server for authorized penetration testing workflows with Nmap/Gobuster orchestration, context aggregation, AI-assisted triage, and reporting. |
| vuln-scout | Claude Code plugin for local whitebox security review with quick scans, Joern/CodeQL/Semgrep support, SARIF/HTML/Markdown reports, and CI gates. |
| kuzushi-security-plugin | Claude Code security review plugin that hunts source-to-sink bugs, validates findings with proof, checks patches, and reduces false positives. |
| promptarmor | Go CLI scanner for prompt injection, jailbreaks, tool abuse, LLM-as-judge checks, and CI-friendly failure modes. |
| promptarmor-plugin | Claude Code plugin and MCP server for LLM security red teaming with 80+ attack plugins, 25+ mutation strategies, and code-aware remediation. |
| llm-honeypot | Cowrie-based SSH honeypot with pluggable LLM backends, OAuth provider support, command logging, cost controls, and threat-intel capture. |
- blackbox-claude-plugin - Claude Code plugin for black-box and grey-box HackTheBox-style penetration testing.
- pwn-claude-plugin - Binary exploitation workflow plugin for CTF, pwn, ROP, GDB, pwntools, and pwndbg.
- randori-plugin - PASTA threat modeling with STRIDE, MITRE ATT&CK, CAPEC, DFDs, and attack trees.
- shinsa-plugin - AI-first ISO 27001, SOC 2, NIST, PCI DSS, and GRC assessment plugin for Claude Code.
- oxidized-joern - Rust-first Joern fork exploring code-property-graph frontends and security-analysis components.
- klee-ng - KLEE symbolic-execution fork for program analysis, test generation, and vulnerability-research workflows.
- ligolo-ng-relay - Ligolo-ng relay fork for TUN-based tunneling, pivoting, and authorized network-assessment workflows.
- I build end-to-end security products, not just scripts.
- I care about evidence, reproducibility, proof state, and operator control.
- I work across offensive security, defensive operations, forensics, threat intelligence, and applied cryptography.
- I use AI where it improves triage, analysis, and workflow speed, while keeping deterministic checks and local artifacts in the loop.
security research, AppSec, AI security, MCP security, Model Context Protocol, agentic SAST, vulnerability scanning, malware analysis, malware sandbox, memory forensics, Volatility3, DFIR, OSINT, threat intelligence, deception, honeypots, supply-chain security, reverse engineering, Neo4j, CodeQL, Joern, code-property graphs, KLEE, symbolic execution, Semgrep, prompt injection, LLM security, applied cryptography, DPoP, zero-knowledge authentication, tunneling, pivoting, Ligolo-ng.