KatrielMoses/README.md

 ▄    ▄   ▄▄  ▄▄▄▄▄▄▄ ▄▄▄▄▄  ▄▄▄▄▄  ▄▄▄▄▄▄ ▄             ▄    ▄  ▄▄▄▄   ▄▄▄▄  ▄▄▄▄▄▄  ▄▄▄▄ 
 █  ▄▀    ██     █    █   ▀█   █    █      █             ██  ██ ▄▀  ▀▄ █▀   ▀ █      █▀   ▀
 █▄█     █  █    █    █▄▄▄▄▀   █    █▄▄▄▄▄ █             █ ██ █ █    █ ▀█▄▄▄  █▄▄▄▄▄ ▀█▄▄▄ 
 █  █▄   █▄▄█    █    █   ▀▄   █    █      █             █ ▀▀ █ █    █     ▀█ █          ▀█
 █   ▀▄ █    █   █    █    ▀ ▄▄█▄▄  █▄▄▄▄▄ █▄▄▄▄▄        █    █  █▄▄█  ▀▄▄▄█▀ █▄▄▄▄▄ ▀▄▄▄█▀
OS: Operator & Researcher
Role: Principal Security Engineer
Focus: OSS Audits / CVE Disclosure
Method: Manual review -> private report -> patch

As the Principal Security Engineer for India's leading enterprise networking stack, I architect robust defense systems and lead comprehensive security initiatives.
In my independent research, I focus on identifying critical vulnerabilities within widely adopted open-source ecosystems.
My methodology is meticulous: conduct deep-dive manual analysis, securely report findings with actionable proofs-of-concept, and coordinate responsible disclosure to ensure the broader community remains secure.



> ~/stats

| audited projects | CVEs filed | RCE chains | largest target |
|---|---|---|---|
| 18 | 45+ | 8 | 23k stars |

> ~/tools

$ open MailAccess
MailAccess
Self-hostable email OSINT platform for mapping exposure across 800+ platforms, breach sources, DNS records, and the open web.

Python OSINT
$ open VoidAccess
VoidAccess
Dark web threat-intelligence platform with Tor search, entity extraction, relationship graphing, and STIX 2.1 / MISP / Sigma export.

Go Docker

> ~/advisories

| project | advisory | severity | class |
|---|---|---|---|
| algernon | CVE-2026-43981 | High | Race condition, DoS via shared LState |
| algernon | CVE-2026-43982 | High | Path traversal file write via savein() |
| quark-auto-save | CVE-2026-45228 | Medium | Stored XSS via System Configuration |
| quark-auto-save | CVE-2026-45229 | High | Mass assignment, credential takeover |
| claude-hud | CVE-2026-47090 | Low | Terminal injection via OSC 8 hyperlinks |
| claude-hud | CVE-2026-47091 | Medium | Path traversal via transcript_path |
| claude-hud | CVE-2026-47092 | High | Arbitrary command execution via COMSPEC |

25+ more in pipeline. Published advisories live at github.com/KatrielMoses/cves.


> ~/audit-offer

free security audits for open-source projects

deliverables
  ├── full manual source-code audit
  ├── private report with working proof-of-concept
  ├── CVEs filed and advisories published after fixes are live
  └── certificate confirming the project was reviewed and patched

condition
  └── the project has to be open source

turnaround
  └── one weekend, two at most

[ responsible disclosure ]     [ fix first ]     [ publish after ]

Pinned

  1. voidaccess (Public)

    Self-hosted dark web OSINT platform. Automated threat intelligence from query to graph in 13 steps. Free alternative to Recorded Future, DarkOwl, and Flare.

    Python 72 17

  2. MailAccess (Public)

    Free email OSINT tool, 800+ platforms, identity clustering, breach detection. No API keys required. pip install mailaccess

    Python 86 7

  3. CVEs (Public)

    Writeup for CVEs

    4

  4. xyproto/algernon (Public)

    Small self-contained pure-Go web server with Lua, Teal, Markdown, Ollama, HTTP/2, QUIC, Redis, SQLite and PostgreSQL support ++

    JavaScript 3k 146

  5. urwid/urwid (Public)

    Console user interface library for Python (official repo)

    Python 3k 334

  6. Cp0204/quark-auto-save (Public)

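    All-in-one tool for Quark cloud drive: daily check-in, automatic save/transfer, file naming and organization, push notifications, and media library refresh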

    Python 2.8k 392