security researcher

r00t26
Security Engineer. Researcher. Builder.

I do offensive security work, develop tools, and document everything worth documenting.

⚑ writeups ⚙ my tools
bash — r00t26@kali
~/$ whoami
security engineer · researcher · perpetual tinkerer

~/$ cat interests.txt
web exploitation, linux exploitation, reverse engineering, osint

~/$ ls -la ./certs
Security+, Pentest+, CEH, CISSP

~/$ _

recent writeups

6 total view all →
Hard web
CVE-2026-32746
A breakdown of CVE-2026-32746, a CVSS 9.8 unauthenticated pre-auth RCE in GNU inetutils telnetd c...
CVE Breakdown Apr 2026
Easy linux
Cap
IDOR vulnerability on a security dashboard exposes a pcap containing plaintext FTP credentials, l...
CTF Mar 2026
Hard web
Ni8mare — CVE-2026-21858
A breakdown of CVE-2026-21858, a CVSS 10.0 unauthenticated RCE vulnerability in n8n caused by Con...
CVE Breakdown Mar 2026
Hard web
Pwning the Protector — CVE-2025-69258
A breakdown of CVE-2025-69258, an unauthenticated RCE vulnerability in Trend Micro Apex Central c...
CVE Breakdown Jan 2026
Medium web
React2Shell — CVE-2025-55182
A breakdown of CVE-2025-55182, a CVSS 10.0 unauthenticated RCE vulnerability.
CVE Breakdown Dec 2025
Hard web
WSUS RCE — CVE-2025-59287
A breakdown of CVE-2025-59287, a CVSS 9.8 unauthenticated RCE vulnerability in Windows Server Upd...
CVE Breakdown Nov 2025

tools

4 total view all →
Python
nightmare
Linux privilege escalation enumeration with AI-powered triage. Find the path to root — fast.
Python github ↗
Python
subhunt
Async subdomain bruteforcer with wildcard DNS detection to cut down on false positives. Fast, cle...
Python github ↗
Python
portknock
Async port knocking tool with post-knock scanning and banner grabbing.
Python github ↗
Python
ipcheck
A simple CLI based utility that can check the reputation of IPs using the AbuseIPDB API.
Python github ↗

cheatsheets

4 total view all →