Research

Active Research

Ongoing technical explorations at the intersection of offensive security, intelligence analysis, and applied AI. All research is conducted for educational and defensive purposes.

SECURITYActive

NetHunter KOE — Kali on Everything

Kali NetHunter is the official Kali Linux mobile penetration testing platform. The KOE (Kali-on-Everything) initiative extends NetHunter beyond supported Nexus/OnePlus/Samsung devices to arbitrary Android hardware — including budget devices, retired enterprise phones, and custom ROM targets.

Research threads

Generic kernel module porting via DKMS-style patching
HID attack surface on non-supported chipsets (Qualcomm, MediaTek, Unisoc)
Wi-Fi injection compatibility testing across monitor-mode drivers
Chroot rootfs deployment without official device trees
Custom NetHunter App + Kex desktop session on AOSP 12–14

Progress

Kernel patch framework85%

HID attack surface60%

Wi-Fi injection drivers45%

Chroot deployment70%

Documentation30%

Hardware Compatibility Matrix

Device	Chipset	Android	Kernel	Wi-Fi	HID	Chroot	Status
Pixel 4a	Qualcomm SD730G	13	4.14	✅	✅	✅	Full
Samsung A52	Qualcomm SD720G	14	4.19	✅	✅	✅	Full
Redmi Note 11	MediaTek Helio G88	12	4.19	⚠️	✅	✅	Partial
Moto G Power	Qualcomm SD662	12	4.14	✅	⚠️	✅	Partial
Realme C35	Unisoc T616	12	4.14	❌	⚠️	✅	Limited
Nokia G20	MediaTek Helio G35	13	4.19	⚠️	❌	✅	Limited

✅ Supported · ⚠️ Partial / requires patches · ❌ Not yet supported

Research Paper →Official Docs ↗GitHub ↗

OSINTActive

MOD-OSINT — Modular Open-Source Intelligence Platform

A modular OSINT platform built on FastAPI and Neo4j for automated entity profiling, relationship inference, and multi-format intelligence reporting. Features a plugin-based module architecture with contract validation, an async event bus, and export to PDF, HTML, STIX, and CSV formats.

Research threads

Plugin-based module system with MODULE_META contracts and dry-run validation
Neo4j entity-relationship graph with automated inference pipelines
FastAPI backend with async orchestration and SQLite caching
Multi-format export: PDF, HTML, STIX/TAXII, CSV, merged JSON
Module contract compliance checker for third-party extensions
Six-phase development lifecycle from core infrastructure to hardening

Progress

Core infrastructure90%

Module framework80%

Entity profiling70%

Export pipeline65%

Documentation50%

Research Paper →GitHub ↗

SECURITYActive

WAP — Wireless Audit Pipeline

An event-driven Python pipeline automating the full 802.11 wireless security audit workflow: from raw frame capture through structured target profiling, vulnerability scoring, network visualization, attack vector recommendation, and HTML report generation. Operates as a recommendation engine — no commands executed unless explicitly armed.

Research threads

Module 0: Capture Controller — monitor mode, dumpcap ring-buffer, file rotation
Module 1: Stream Processor — TShark JSON streaming, frame classification
Module 2: Profile Manager — TargetProfile aggregation, SQLite persistence, OUI lookup
Module 3: Scoring Engine — configurable vulnerability scoring, risk band classification
Module 4: Visualization Engine — NetworkX bipartite graph, Matplotlib PNG, GraphML
Module 5: Vector Mapper — rule-based attack recommendation (dry-run default)
Module 6: Report Engine — Jinja2 HTML/PDF, attack trees, MITRE ATT&CK references

Progress

Core infrastructure (Phase 1)100%

Ingestion & profiling (Phase 2)100%

Scoring & visualization (Phase 3)100%

Vector mapping & reporting (Phase 4)100%

Hardening & POC (Phase 5)25%

Research Paper →Tool Reference →

RESEARCHIn Development

Cyber Forensics Investigation — Training Suite

A modular, field-tested training program for law enforcement cyber units specializing in Software-Defined Radio (SDR) forensic analysis, mobile signal threat response, and RF-based IoT surveillance. Includes 42 instructional modules, Python/Bash automation scripts, and an AI fine-tuning dataset for LLM-assisted forensics workflows.

Research threads

42 modules covering SDR basics through advanced AI-driven signal classification
OpenBTS GSM simulation, IMSI catcher detection, and rogue BTS emulation
5G/IoT spectrum reconnaissance and GPS spoofing forensics
BLE/ZigBee/LoRa recon modules with Raspberry Pi + Flipper Zero field kits
AI/ML fine-tuning dataset (Cyber_Forensics_Finetune.json) for LLM training
Chain-of-custody procedures and legal compliance documentation per module
WPA2/WPA3 wireless reconnaissance, handshake capture, and key cracking workflows

Progress

Module content (42 modules)75%

Python/Bash scripts60%

AI fine-tuning dataset40%

GNURadio flow graphs55%

Legal & compliance docs35%

Research areas

◎

OSINT & Entity Graphs

Graph-theoretic open-source intelligence: automated relationship inference, Neo4j schema design, and adversarial data collection pipelines.

⬡

LLM-Assisted Forensics

Applying large language models to digital forensics workflows — chain-of-custody-safe evidence summarisation, anomaly flagging, and report generation.

⌬

Adversarial ML Defences

Red-team testing of production ML pipelines: prompt injection, model inversion, and membership inference — with corresponding mitigations.

Papers & Guides →API & Inference →Blog →

Loading

Initializing quantum state...

NetHunter KOE — Kali on Everything

Research threads

Generic kernel module porting via DKMS-style patching
HID attack surface on non-supported chipsets (Qualcomm, MediaTek, Unisoc)
Wi-Fi injection compatibility testing across monitor-mode drivers
Chroot rootfs deployment without official device trees
Custom NetHunter App + Kex desktop session on AOSP 12–14

Progress

Kernel patch framework85%

HID attack surface60%

Wi-Fi injection drivers45%

Chroot deployment70%

Documentation30%

Hardware Compatibility Matrix

Device	Chipset	Android	Kernel	Wi-Fi	HID	Chroot	Status
Pixel 4a	Qualcomm SD730G	13	4.14	✅	✅	✅	Full
Samsung A52	Qualcomm SD720G	14	4.19	✅	✅	✅	Full
Redmi Note 11	MediaTek Helio G88	12	4.19	⚠️	✅	✅	Partial
Moto G Power	Qualcomm SD662	12	4.14	✅	⚠️	✅	Partial
Realme C35	Unisoc T616	12	4.14	❌	⚠️	✅	Limited
Nokia G20	MediaTek Helio G35	13	4.19	⚠️	❌	✅	Limited

✅ Supported · ⚠️ Partial / requires patches · ❌ Not yet supported

MOD-OSINT — Modular Open-Source Intelligence Platform

Research threads

Plugin-based module system with MODULE_META contracts and dry-run validation
Neo4j entity-relationship graph with automated inference pipelines
FastAPI backend with async orchestration and SQLite caching
Multi-format export: PDF, HTML, STIX/TAXII, CSV, merged JSON
Module contract compliance checker for third-party extensions
Six-phase development lifecycle from core infrastructure to hardening

Progress

Core infrastructure90%

Module framework80%

Entity profiling70%

Export pipeline65%

Documentation50%

WAP — Wireless Audit Pipeline

Research threads

Module 0: Capture Controller — monitor mode, dumpcap ring-buffer, file rotation
Module 1: Stream Processor — TShark JSON streaming, frame classification
Module 2: Profile Manager — TargetProfile aggregation, SQLite persistence, OUI lookup
Module 3: Scoring Engine — configurable vulnerability scoring, risk band classification
Module 4: Visualization Engine — NetworkX bipartite graph, Matplotlib PNG, GraphML
Module 5: Vector Mapper — rule-based attack recommendation (dry-run default)
Module 6: Report Engine — Jinja2 HTML/PDF, attack trees, MITRE ATT&CK references

Progress

Core infrastructure (Phase 1)100%

Ingestion & profiling (Phase 2)100%

Scoring & visualization (Phase 3)100%

Vector mapping & reporting (Phase 4)100%

Hardening & POC (Phase 5)25%

Cyber Forensics Investigation — Training Suite

Research threads

42 modules covering SDR basics through advanced AI-driven signal classification
OpenBTS GSM simulation, IMSI catcher detection, and rogue BTS emulation
5G/IoT spectrum reconnaissance and GPS spoofing forensics
BLE/ZigBee/LoRa recon modules with Raspberry Pi + Flipper Zero field kits
AI/ML fine-tuning dataset (Cyber_Forensics_Finetune.json) for LLM training
Chain-of-custody procedures and legal compliance documentation per module
WPA2/WPA3 wireless reconnaissance, handshake capture, and key cracking workflows

Progress

Module content (42 modules)75%

Python/Bash scripts60%

AI fine-tuning dataset40%

GNURadio flow graphs55%

Legal & compliance docs35%