root@not0day:~$

I am Not0Day

// Penetration Tester & Security Researcher

Exploiting vulnerabilities before adversaries do. Specializing in red team operations, web & network penetration testing, and CTF competitions. Dedicated to turning zero-days into not-a-problem.

View Projects Get In Touch
HTB Academy Labs
CEH Certified
Python Security Tooling

// 01. about

Who is Not0Day?

Independent security researcher focused on offensive security and cryptographic integrity. Currently mastering the HTB CPTS methodology and developing custom security tools in Python. Certified Ethical Hacker (CEH) with a drive for automated integrity auditing.

CEH HTB Academy Labs Python Security Tooling
Download CV
handle Not0Day
focus Offensive Security & Crypto Integrity
training HTB CPTS (Academy Labs)
cert CEH (Certified)
tooling Python (Security Tooling)
status Available for engagements

// 02. skills

Technical Arsenal

Tools, techniques, and knowledge domains I operate with daily.

Offensive Security

  • Penetration Testing
  • Red Team Operations
  • Exploit Development
  • Privilege Escalation
  • Social Engineering
  • Post-Exploitation

Web Application Security

  • OWASP Top 10
  • SQL Injection
  • XSS / CSRF
  • SSRF / XXE
  • Authentication Bypass
  • API Security

Network Security

  • Network Reconnaissance
  • Man-in-the-Middle
  • ARP / DNS Spoofing
  • Firewall Evasion
  • VPN Analysis
  • Packet Analysis (Wireshark)

Tools & Platforms

  • Metasploit Framework
  • Burp Suite Pro
  • Nmap / Masscan
  • Cobalt Strike
  • BloodHound / SharpHound
  • Impacket / CrackMapExec

Languages & Scripting

  • Python (Tooling)
  • Bash/ZSH (Linux)
  • PowerShell (Windows)
  • JavaScript (Web)

Forensics & RE

  • Reverse Engineering
  • Malware Analysis
  • Binary Exploitation
  • Ghidra / IDA Pro
  • GDB / pwndbg
  • Digital Forensics

// 03. projects

Featured Projects

Open-source tools and research I've built and published.

Hashing Utility

A Python-based cryptographic hashing utility for automated integrity checks and file verification. Supports multiple hash algorithms for security tooling workflows.

PythonCryptographySecurityIntegrity

AutoPwn Framework

Modular automated exploitation framework written in Python. Supports plugin-based architecture for custom exploit modules, post-exploitation automation, and report generation.

PythonExploitationAutomationOpen Source

WebRecon Toolkit

Comprehensive web application reconnaissance suite combining passive OSINT, active scanning, and vulnerability fingerprinting into a single CLI tool.

PythonOSINTWeb SecurityCLI

AD BloodHound Automation

Scripts and playbooks to automate Active Directory enumeration, BloodHound data collection, and attack path identification during red team assessments.

PowerShellActive DirectoryRed TeamBloodHound

CVE-2024-XXXX PoC

Proof-of-concept exploit for a critical authentication bypass vulnerability discovered through independent research. Responsibly disclosed and patched.

CVEExploitResponsible DisclosureC
archived

Phishing Infrastructure Toolkit

Red team phishing campaign setup automation: GoPhish deployment, domain categorization bypass, email template generation, and tracking dashboard.

GoRed TeamPhishingDocker

CTF Solver Toolkit

Collection of purpose-built scripts for rapid CTF challenge solving: crypto solvers, binary patchers, steg extractors, and web exploit templates.

PythonCTFCryptographyForensics
View all on GitHub →

// 04. ctf & research

CTF Writeups

Selected challenge writeups and security research from competitions and independent work.

HTB Cyber Apocalypse 2024 Hard

LockTalk

Web

JWT algorithm confusion attack combined with SSRF to achieve RCE on the backend Flask server. Leveraged HS256/RS256 confusion to forge admin tokens.

JWTSSRFRCEPython
PicoCTF 2024 Medium

heap3

Binary Exploitation

Heap overflow vulnerability in a custom allocator. Exploited tcache poisoning to achieve arbitrary write and pop a shell via got.plt overwrite.

HeapTcachepwnC
DEFCON CTF Quals 2024 Hard

k-smallest

Crypto

Lattice-based attack against a custom DSA variant with biased nonces. Used LLL reduction to recover the private key from a small number of signatures.

LatticeLLLDSASageMath
HackTheBox — Machines Insane

Rebound

Active Directory

Full AD domain compromise via Kerberoasting → cross-forest trust abuse → shadow credentials attack to achieve DA on a multi-domain environment.

Active DirectoryKerberosShadow CredsWindows
Google CTF 2024 Medium

gradebook

Web

Prototype pollution in a Node.js app leading to RCE via the vm2 sandbox escape. Chained with a deserialization gadget for persistent access.

Proto PollutionNode.jsRCEJavaScript
HTB Sherlock — Forensics Easy

Logjammer

Forensics

Windows event log forensics. Traced lateral movement through WinRM, identified the initial access vector via 4624/4625 logon events, and recovered attacker TTPs.

DFIRWindowsEvent LogsSplunk
All Writeups →

// 05. contact

Get In Touch

Whether you're looking to hire a penetration tester, collaborate on security research, or discuss a responsible disclosure — my inbox is open. I respond to all serious enquiries.


For vulnerability reports, please use the PGP-encrypted channel or the secure contact form. For general enquiries, any channel works.

Email not0day@proton.me
GitHub Not-So-ZeroDay