Research

Active Research

Ongoing technical explorations at the intersection of offensive security, intelligence analysis, and applied AI. All research is conducted for educational and defensive purposes.

SECURITY · Active

NetHunter KOE — Kali on Everything

Kali NetHunter is the official Kali Linux mobile penetration testing platform. The KOE (Kali-on-Everything) initiative extends NetHunter beyond supported Nexus/OnePlus/Samsung devices to arbitrary Android hardware — including budget devices, retired enterprise phones, and custom ROM targets.

Research threads

  • Generic kernel module porting via DKMS-style patching
  • HID attack surface on non-supported chipsets (Qualcomm, MediaTek, Unisoc)
  • Wi-Fi injection compatibility testing across monitor-mode drivers
  • Chroot rootfs deployment without official device trees
  • Custom NetHunter App + KeX desktop session on AOSP 12–14

Progress

Kernel patch framework: 85%
HID attack surface: 60%
Wi-Fi injection drivers: 45%
Chroot deployment: 70%
Documentation: 30%

Hardware Compatibility Matrix

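| Device | Chipset | Android | Kernel | Wi-Fi / HID / Chroot | Status |
|---|---|---|---|---|---|
| Pixel 4a | Qualcomm SD730G | 13 | 4.14 | | Full |
| Samsung A52 | Qualcomm SD720G | 14 | 4.19 | | Full |
| Redmi Note 11 | MediaTek Helio G88 | 12 | 4.19 | ⚠️ | Partial |
| Moto G Power | Qualcomm SD662 | 12 | 4.14 | ⚠️ | Partial |
| Realme C35 | Unisoc T616 | 12 | 4.14 | ⚠️ | Limited |
| Nokia G20 | MediaTek Helio G35 | 13 | 4.19 | ⚠️ | Limited |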

✅ Supported · ⚠️ Partial / requires patches · ❌ Not yet supported

OSINT · Active

MOD-OSINT — Modular Open-Source Intelligence Platform

A modular OSINT platform built on FastAPI and Neo4j for automated entity profiling, relationship inference, and multi-format intelligence reporting. Features a plugin-based module architecture with contract validation, an async event bus, and export to PDF, HTML, STIX, and CSV formats.

Research threads

  • Plugin-based module system with MODULE_META contracts and dry-run validation
  • Neo4j entity-relationship graph with automated inference pipelines
  • FastAPI backend with async orchestration and SQLite caching
  • Multi-format export: PDF, HTML, STIX/TAXII, CSV, merged JSON
  • Module contract compliance checker for third-party extensions
  • Six-phase development lifecycle from core infrastructure to hardening

Progress

Core infrastructure: 90%
Module framework: 80%
Entity profiling: 70%
Export pipeline: 65%
Documentation: 50%

SECURITY · Active

WAP — Wireless Audit Pipeline

An event-driven Python pipeline automating the full 802.11 wireless security audit workflow: from raw frame capture through structured target profiling, vulnerability scoring, network visualization, attack vector recommendation, and HTML report generation. Operates as a recommendation engine — no commands executed unless explicitly armed.

Research threads

  • Module 0: Capture Controller — monitor mode, dumpcap ring-buffer, file rotation
  • Module 1: Stream Processor — TShark JSON streaming, frame classification
  • Module 2: Profile Manager — TargetProfile aggregation, SQLite persistence, OUI lookup
  • Module 3: Scoring Engine — configurable vulnerability scoring, risk band classification
  • Module 4: Visualization Engine — NetworkX bipartite graph, Matplotlib PNG, GraphML
  • Module 5: Vector Mapper — rule-based attack recommendation (dry-run default)
  • Module 6: Report Engine — Jinja2 HTML/PDF, attack trees, MITRE ATT&CK references

Progress

Core infrastructure (Phase 1): 100%
Ingestion & profiling (Phase 2): 100%
Scoring & visualization (Phase 3): 100%
Vector mapping & reporting (Phase 4): 100%
Hardening & POC (Phase 5): 25%

RESEARCH · In Development

Cyber Forensics Investigation — Training Suite

A modular, field-tested training program for law enforcement cyber units specializing in Software-Defined Radio (SDR) forensic analysis, mobile signal threat response, and RF-based IoT surveillance. Includes 42 instructional modules, Python/Bash automation scripts, and an AI fine-tuning dataset for LLM-assisted forensics workflows.

Research threads

  • 42 modules covering SDR basics through advanced AI-driven signal classification
  • OpenBTS GSM simulation, IMSI catcher detection, and rogue BTS emulation
  • 5G/IoT spectrum reconnaissance and GPS spoofing forensics
  • BLE/ZigBee/LoRa recon modules with Raspberry Pi + Flipper Zero field kits
  • AI/ML fine-tuning dataset (Cyber_Forensics_Finetune.json) for LLM training
  • Chain-of-custody procedures and legal compliance documentation per module
  • WPA2/WPA3 wireless reconnaissance, handshake capture, and key cracking workflows

Progress

Module content (42 modules): 75%
Python/Bash scripts: 60%
AI fine-tuning dataset: 40%
GNU Radio flow graphs: 55%
Legal & compliance docs: 35%

Research areas

OSINT & Entity Graphs

Graph-theoretic open-source intelligence: automated relationship inference, Neo4j schema design, and adversarial data collection pipelines.

LLM-Assisted Forensics

Applying large language models to digital forensics workflows — chain-of-custody-safe evidence summarisation, anomaly flagging, and report generation.

Adversarial ML Defences

Red-team testing of production ML pipelines: prompt injection, model inversion, and membership inference — with corresponding mitigations.