Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers (Chrome, Microsoft Edge, Firefox, Opera, Opera GX, and Vivaldi)

Extract data from modern Chrome versions, including refresh tokens, cookies, saved credentials, autofill data, browsing history, and bookmarks

AD Lab Setup Scripts

WiFi Evil Twin Attack - Credential Harvest Tool

Tests with Network Providers DLLs, adding some extra functionality to NPPSpy2 by @gtworek

Python spyware that captures keystrokes, mouse inputs, screenshots & microphone audio — exfiltrates via email every 10 seconds with self-delete on discovery.

Toolkit for authorized red-team simulations on Telegram

Web traffic interception simulation tool for cybersecurity research and defensive learning in isolated lab environments.

Forensics Credential Harvester is a cross-platform tool for digital forensics professionals to extract and recover browser credentials from popular web browsers (Chrome, Firefox, Safari, Brave, and Internet Explorer).

Crafted a spoofed website login page mimicking a legitimate website and designed a phishing email to simulate credential harvesting

ARP Spoofing & MiTM Suite with Real-Time Credential Sniffing & DNS Spoofing

🔍 Extract sensitive data from modern Chrome versions, including credentials, cookies, and browsing history, for improved security management.

Proof-of-concept captive portal credential harvester using create_ap and Flask.

End-to-end phishing simulation and SOC investigation lab - deploying GoPhish credential harvesting infrastructure and detecting execution via Windows EventID 4688 parent-child process analysis in Splunk.

A Next-Generation Phishing Simulation & Awareness Platform

Security research documenting 7 techniques for intercepting SSH authentication credentials on Linux systems. Covers patched OpenSSH, LD_PRELOAD, eBPF, PAM hooks, and ptrace methods—tested on RHEL 9.5 with SELinux enforcing. Includes detection guidance for defenders.

Investigation of a live phishing campaign impersonating Meta’s “Verified Badge” process that demonstrates credential harvesting, 2FA interception, and attacker infrastructure through network traffic analysis

This case study presents a social engineering attack using a shortened URL embedded in a phishing email. The email, crafted to impersonate internal IT support, urged the user to “update their credentials” by clicking a masked bit.ly link.

Security research and exploit development: vulnerability analysis, exploit chain implementation, post-exploitation tradecraft, and defensive assessment tooling. Covers browser engines, persistence mechanisms, credential harvesting, C2 patterns, and AI-accelerated attack automation.

Cross-platform credential stealer with Sigma rules and IR playbooks.