Atlas ASM
Open source attack surface management platform built on free tooling. Discovers subdomains, validates live hosts, scans open ports, runs Nuclei templates, and pulls known emails and breached credentials from public sources.
I'm an offensive security professional specializing in web application security and adversarial consulting. At Armadin, I conduct offensive assessments that uncover real-world vulnerabilities and provide organizations with actionable risk intelligence.
With a background in application security engineering, I bridge the gap between builder and breaker, bringing a developer's intuition to offensive work. I also integrate AI tooling into security workflows for enhanced efficiency and coverage.
Adversarial assessments that go beyond automated scanning. I simulate real-world threat actors, giving organizations an unfiltered view of their attack surface and true risk exposure.
Leveraging large language models and AI tooling to enhance offensive security workflows — from intelligent reconnaissance to automated vulnerability analysis and coverage at scale.
Independent research into real-world projects — auditing source code and developing proof-of-concept exploits in open source and closed source applications.
Lightweight Java-based HTTP intercepting proxy and web application security scanner. Features real-time traffic interception, active/passive scanning (XSS, CSRF, SQLi), and request manipulation for offensive testing.
Mobile app for sharing vintage-filtered photos exclusively with your close friend group. No public feeds, no algorithmic discovery — only your circle can see your moments.
Any authenticated user can access private files by guessing the file path, bypassing access control restrictions on the Frappe Framework.
A stored XSS vulnerability in the user profile image section allows attackers to execute malicious scripts in the browsers of other users through image uploads.
Missing authorization checks on administrative API endpoints allowed low-level users to edit purchase order (PO) status and assign users to customer profiles beyond their permitted role. Affects versions prior to 14.28.0.
XML External Entity injection in Allure 2's xunit, JUnit, and TRX result-processing plugins. Unsafe DocumentBuilderFactory configuration allows remote code execution via malicious test reports.