Detection engineering project to identify command-and-control (C2) infrastructure through network flow analysis, adaptive beacon detection, and SOC-oriented SIEM rules.

DarkNode is a modern Command & Control (C2) framework designed for adversary simulation, red team operations, and security research. It provides secure agent communication, flexible listeners, modular tasking, and scalable infrastructure to emulate real-world attack scenarios in authorized environments.

Defensive security toolkit for safe .onion C2 infrastructure analysis over Tor. Features multi-protocol port scanning, PCAP capture, static binary analysis, and comprehensive enumeration. Research use only.

Apollyon V45 – ELITE C2 is an advanced red team simulation framework focused on resilient command-and-control orchestration, secure telemetry, and agent lifecycle management. It enables realistic adversary emulation to assess defensive readiness, operational visibility, and infrastructure resilience in complex security scenarios.

Real-time filesystem security daemon — YARA scanning, automatic quarantine, eBPF network monitoring and C2 correlation for self-hosted infrastructure.

Developed a custom Python-based Command & Control (C2) framework that enables remote agent management, task execution, and data exfiltration, simulating real-world attacker infrastructure for offensive security research, red-team operations, and adversary emulation.

A project analyzing the security footprint and background noise of a Red Team C2 infrastructure

An offensive security test suite consisting of a client, a configurable C2 infrastructure, and several dynamically loaded sRDI modules.

ShadowForge: A modular, observable adversary simulation framework built in Rust for defensive security research and EDR validation. Integrates seamlessly with NebulaForage C2 infrastructure.

A comprehensive red team infrastructure toolkit featuring Mythic C2 framework integration, HTTP/HTTPS redirectors, and an EarlyBird process injection loader designed for authorized security assessments.

Advanced Tier-0 firmware rootkit framework achieving pre-boot persistence on Intel x86_64 UEFI systems. Features SMM Ring -2 execution, Boot Guard bypass, automated supply chain injection, and full C2 infrastructure with ChaCha20 encryption. For authorized security research only.