visitor@0xll.sh:~$ whoami --verbose

0xll

penetration tester · red team operator · bug bounty

I break into things that are supposed to be secure — with a signed SOW and rules of engagement — then write it up so it gets fixed. Focus on Active Directory, C2 & evasion, and external attack surface.

cert: CRTO track: OSEP / CREST CRT focus: AD · C2 · evasion loc: Panama
projects ls -la · 4 repos
xrecon/ active

External recon framework — an 11-module Python package that orchestrates the ProjectDiscovery stack (subfinder → dnsx → httpx → naabu → nuclei) into a single, resumable attack-surface pipeline.

Python ProjectDiscovery Kali/WSL2
readme source last commit · 3d ago
redcell/ wip

Agentic assistant framework for authorized offensive work — local models via Ollama with hardened session storage (LUKS), scope-locked egress (iptables), and pluggable model backends.

Python Ollama hardened
notes private · request access
nuclei-templates/ active

A small collection of custom nuclei templates from live engagements — misconfig checks and single-CVE detections written up and generalized for reuse. PRs upstream where they fit.

YAML nuclei
browse source last commit · 2w ago
dotfiles/ stable

My Kali/WSL2 setup — fish shell config, tmux, and a bootstrap script that provisions the standard offensive kit on a fresh box. Opinionated, portable, boring on purpose.

fish shell
source last commit · 1mo ago
certs ./certs --status
[x] held [~] in progress [ ] planned
[x]CRTORed Team Ops
[x]eCPPTeLearnSecurity
[x]eWPTWeb App Pentest
[x]CEH MasterEC-Council
[x]CEH PracticalEC-Council
[x]CySA+CompTIA
[x]PenTest+CompTIA
[x]CCISC2
[~]CREST CPSApractitioner
[~]CREST CRTregistered tester
[ ]OSEPPEN-300 · 2027

visitor@0xll.sh:~$ cat contact.txt

For coordinated disclosure or engagement inquiries, PGP preferred.
$ logout   process exited with code 0 · © 2026 0xll