5-day longest streak
<!-- Strategist's Terminal — profile README for bb1nfosec. GFM + self-hosted SVG only. --> ~ whoami Independent security researcher · cybersecurity systems engineer on critical infrastructure. I find vulnerabilities by…
<!-- Strategist's Terminal — profile README for bb1nfosec. GFM + self-hosted SVG only. -->
~ whoami
Independent security researcher · cybersecurity systems engineer on critical infrastructure.
I find vulnerabilities by reading source, work the seam where AI systems meet offensive and
defensive security, and build security education that doesn't require English to enter.
~/focus
~/operations
chanakya-opsec ⭐ 3
multi-layer OPSEC failure analysis — how operational security actually breaks
bheeshma ⭐ 2
runtime telemetry for npm dependencies — watches what packages do, not what they claim
vaathi ⭐ 21
open-source cybersecurity learning OS — zero to practitioner, in your own language
dvai ⭐ 5
Damn Vulnerable AI Ecosystem — zero-infrastructure red-team range for AI systems
distill ⭐ 4
cuts LLM input cost 40–75% with repo-aware token reduction
Information-Security-Tasks ⭐ 180
daily infosec problem statements — forensics, OSINT, malware analysis, red and blue team
The names are the thesis — chanakya the strategist, bheeshma the guardian, vaathi the teacher. Old disciplines, new attack surface.
~/track-record
Bug bounty across HackerOne, Bugcrowd, Immunefi, Code4rena and YesWeHack — findings argued from source, not scanner output.
BalCCon2k18 (Novi Sad): hybrid-cloud red teaming against Azure AD.
~/signals
X · @bbinfosec · ORCID · 0009-0001-7412-0211 · India
<!--
third-party origins FETCHED on profile view (the rendered dependency surface):
raw.githubusercontent.com — self-hosted SVGs from THIS repo (banner dark/light, focus dark/light),
served through GitHub's camo image proxy. Nothing executes per view.
Fonts: zero render-time fetches. The terminal text embeds a 4 KB subset of JetBrains Mono
(OFL-1.1, see assets/fonts/) as a data URI inside each banner SVG; the wordmark is
IBM Plex Sans Bold outlined to vector paths at build time. No Google Fonts, no shields.io,
no stat cards, no typing-svg service, no visitor counters.
Animation lives inside the SVGs (pure CSS keyframes, no SMIL, no scripts) and is gated by
prefers-reduced-motion: reduced-motion viewers get the finished frame.
Outbound LINKS only (not fetched on view): github.com, x.com, orcid.org.
-->
-
MLASTG ★ PINNED
MLSec Application Security Testing Guide (MLASTG) — Enterprise & Defense-Grade Security Verification and Testing Standard for Machine Learning and LLM Systems
Python ★ 4 8d agoExplain → -
bheeshma ★ PINNED
Runtime dependency-behavior monitor for Node.js. Two engines: in-process telemetry + an out-of-process (strace) trust boundary that sees native egress & persistence. Defense-in-depth for npm supply-chain attacks — SARIF, GitHub Action, zero deps.
JavaScript ★ 3 11h agoExplain → -
dvai ★ PINNED
DVAI - Damn Vulnerable AI Ecosystem. Open-source, zero-infrastructure-cost AI red team training range.
TypeScript ★ 5 1mo agoExplain → -
vaathi ★ PINNED
🛡️ Vaathi — India's Open Source Cybersecurity Learning OS. From zero to ethical hacker — in your language, at your pace, on your machine.
Python ★ 22 1mo agoExplain → -
Information-Security-Tasks ★ PINNED
This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on problem statements daily, Please contribute by providing problem statements and solutions
Python ★ 180 11h agoExplain → -
chanakya-opsec ★ PINNED
Multi-layer OPSEC failure analysis framework - Research-grade threat modeling and signal correlation
Python ★ 3 5mo agoExplain → -
Centos-Harden-Script
Centos script for hardening the operating system, It has minimalistic features will add few more during the journey.
Shell ★ 5 7y agoExplain → -
IOS-Pentest-Cheatsheet
Collection of IOS penetration test cheatsheet
★ 5 6y agoExplain → -
skim
Runtime token proxy + intelligence dashboard for LLM tools. Intercepts API calls, strips waste, tracks costs — for individual developers and Fortune 500 teams.
Python ★ 4 1mo agoExplain → -
agni
Agni EDR - Open-source EDR simulator for red teamers | AI-powered collaboration
Rust ★ 4 5mo agoExplain → -
sabha-devsec
Strategic Cyber Risk Intelligence Platform - Transform security scans into CFO-level financial impact analysis
JavaScript ★ 3 5mo agoExplain → -
Agentguard
Your AI agent has no idea it's been hijacked. AgentGuard does
Python ★ 3 1mo agoExplain → -
AI_Security_Testing
Collection of links and resources which i gain daily over the AI world, It includes LLM and other visionary models on testing and other sources
★ 2 1y agoExplain → -
tripti
A calm, local-first, bring-your-own-LLM food companion for Indian households. No servers, your data stays on your device.
TypeScript ★ 1 15d agoExplain → -
google-cloud-go ⑂
Google Cloud Client Libraries for Go.
★ 1 23d agoExplain → -
bchecks-top2024
based on https://x.com/PortSwiggerRes/status/1886792856204959824?t=zRm2hVCr2UeewQSvgenERQ&s=08 just implemented bchecks for additional stuff
★ 1 1y agoExplain → -
red-team-server ⑂
Red Team Server (RTS)
★ 1 4y agoExplain → -
Ransom ⑂
Various codes related to Ransomware Developement
Python ★ 1 9y agoExplain → -
Pentest-Tools ⑂
No description.
★ 1 5y agoExplain → -
linpostexp ⑂
Linux post exploitation enumeration and exploit checking tools
Shell ★ 1 11y agoExplain → -
app-sec-wiki ⑂
Files for appsecwiki.com
★ 1 7y agoExplain → -
TLS-Tamper-Script-Powershell
All credits to the owner Just cloning for safety
★ 1 6y agoExplain → -
bb1nfosec.github.io
No description.
HTML ★ 0 8d agoExplain → -
vuln-corpus
Structured, machine-readable corpus of 23 real-world vulnerabilities — metadata, CWE, root cause, exploit primitive & discovery methodology — distilled from public Exploitarium PoC research. For defensive/educational use.
Python ★ 0 8d agoExplain → -
awesome-ai-security ⑂
A collection of awesome resources related AI security
★ 0 9d agoExplain → -
awesome-llm-security ⑂
A curation of awesome tools, documents and projects about LLM Security.
★ 0 9d agoExplain → -
dlp-guardian
Cross-platform personal browser credential DLP monitor. Linux: fanotify blocking | Windows: NtQueryInfo polling. Blocks infostealers from reading cookies/passwords in real-time.
Python ★ 0 11d agoExplain → -
nestguard
No description.
JavaScript ★ 0 13d agoExplain → -
aravindsai ⑂
Personal portfolio - Senior Mobile Application Developer
★ 0 19d agoExplain → -
bb1nfosec
GitHub profile
★ 0 25d agoExplain → -
Itsus ⑂
Real-time military threat intelligence platform. Telegram monitoring + AI reports + interactive map.
★ 0 1mo agoExplain → -
Presentations
My personal talks across the conferences.
★ 0 1mo agoExplain → -
Agentguardv2
Runtime security fabric for AI agents. Policy-as-code governance with trust segmentation, cognitive velocity detection, behavior chain analysis, and multi-agent identity tracking.
Python ★ 0 1mo agoExplain → -
Internalv ⑂
Glasswing inspired
★ 0 2mo agoExplain → -
Ndaywindows ⑂
The Red Sun vulnerability repository
★ 0 2mo agoExplain → -
openage ⑂
Open weight models to solve the issues with aging biomarker measurements detailed at https://x.com/nikhilyadala/status/2035920229889630486/
★ 0 3mo agoExplain → -
Foroptions ⑂
No description.
★ 0 3mo agoExplain → -
GeoSentinel ⑂
**GeoSentinel** is a geospatial monitoring platform that tracks global movement in real time. It aggregates ship and flight routes, live coordinates, and geodata into a unified system, providing clear geographic and geopolitical awareness for analysis, visualization, and decision-making.
★ 0 4mo agoExplain → -
ground-station ⑂
Ground Station is all-in-one satellite monitoring suite
★ 0 4mo agoExplain → -
WireTapper ⑂
WireTapper is a wireless OSINT tool that passively detects and maps Wi-Fi, Bluetooth, CCTV cameras, vehicles, headphones, TVs, IoT devices, and cell towers, turning nearby radio signals into clear situational intelligence 📡
★ 0 5mo agoExplain → -
Machinelearning-basics
To explain the basics of machine learning and to keep shortnotes over it
★ 0 1y agoExplain → -
lowai ⑂
lowai
★ 0 2y agoExplain → -
DVWA ⑂
Damn Vulnerable Web Application (DVWA)
★ 0 2y agoExplain → -
GujalKodiWork ⑂
creating copy for kodi ip tv research
★ 0 3y agoExplain → -
gum ⑂
A tool for glamorous shell scripts 🎀
★ 0 3y agoExplain → -
learn-to-cloud ⑂
Learn the fundamentals of cloud computing
★ 0 3y agoExplain → -
HowToHunt ⑂
Tutorials and Things to Do while Hunting Vulnerability.
★ 0 4y agoExplain → -
RedBPF-Team-Kingoo ⑂
ingraind is a security monitoring agent built around RedBPF for complex containerized environments and endpoints. The ingraind agent uses eBPF probes to provide safe and performant instrumentation for any Linux-based environment.
★ 0 4y agoExplain → -
WindowsExploitationResources ⑂
Resources for Windows exploit development
★ 0 4y agoExplain → -
Incident-Playbook ⑂
GOAL: Incident Response Playbooks Mapped to MITRE Attack Tactics and Techniques. [Contributors Friendly]
★ 0 4y agoExplain → -
R3d-Buck3T ⑂
Penetration Testing, Vulnerability Assessment and Red Team Learning
★ 0 4y agoExplain → -
ms-sec-design-checklist ⑂
No description.
★ 0 4y agoExplain → -
Pentest_Project ⑂
整理渗透测试、内网渗透、爆破字典、漏洞库、代码审计、渗透测试面试题相关项目
★ 0 4y agoExplain → -
PentesterSpecialDict ⑂
渗透测试人员专用精简化字典 Dictionary for penetration testers happy hacker
★ 0 4y agoExplain → -
Windows-auditing-mindmap ⑂
Set of Mindmaps providing a detailed overview of the different #Windows auditing capacities and event log files.
★ 0 4y agoExplain → -
Top10 ⑂
Official OWASP Top 10 Document Repository
★ 0 4y agoExplain →
No repos match these filters.