4. Security & Compliance
Found 3608 skills
dma-attack-techniques
gmh5225
Guide for researching PCIe DMA attacks using FPGA hardware, covering techniques, pcileech, and firmware development for security analysis.
game-hacking-techniques
gmh5225
Guide to game hacking techniques including memory manipulation, code injection, and ESP/aimbot development.
30-auth-module-architecture
TencentBlueKing
Provides architectural guidance for authentication and authorization modules, including IAM integration, RBAC implementation, and OAuth flows for secure access control.
37-ticket-module-architecture
TencentBlueKing
Guides secure credential management architecture including encryption, authorization, and access control for password, SSH, and token types.
45
TencentBlueKing
Manages IAM RBAC permission model changes including resource type definition, permission configuration, migration scripts, and callback implementation.
19-jwt-security
TencentBlueKing
Provides a guide for implementing JWT security authentication, covering token generation, validation, refresh, permission checks, and OAuth2 integration.
20-audit-logging
TencentBlueKing
Provides guidance for implementing audit logging to track user operations, sensitive actions, and fulfill compliance requirements.
security-principles
exceptionless
Provides security best practices for the Exceptionless codebase, including secrets management, input validation, and secure defaults to avoid common vulnerabilities.
auditing-pre-release-security
OneKeyHQ
Audits security and supply-chain risks by comparing code changes between two Git references for pre-release validation.
pr-review
OneKeyHQ
Security-first PR review checklist targeting auth, sensitive data, supply-chain risks, and performance while avoiding UI nitpicks.
red-team-tactics
vudovn
Provides MITRE ATT&CK-based red team tactics covering attack phases, detection evasion, and reporting methodologies.
vulnerability-scanner
vudovn
Performs advanced vulnerability analysis using OWASP 2025 standards, including supply chain security assessment and attack surface mapping for risk prioritization.
jar-audit-agent
jar-analyzer
Provides evidence-driven Java security audits, converting conclusions into reproducible evidence and measurable coverage metrics.
fuzzing-dictionary
trailofbits
Provides domain-specific token dictionaries to enhance security testing via fuzzing of parsers, protocols, and format-specific code.
algorand-vulnerability-scanner
trailofbits
Scans Algorand smart contracts for security vulnerabilities including rekeying attacks and access control issues, aiding in project audits.
token-integration-analyzer
trailofbits
Analyzes ERC20/ERC721 token implementations for security compliance, checks for vulnerabilities, and assesses contract composition and owner privileges.
semgrep-rule-creator
trailofbits
Creates custom Semgrep rules to detect security vulnerabilities and bug patterns in code for enhanced code auditing and security analysis.
address-sanitizer
trailofbits
Detects memory errors such as buffer overflows and use-after-free in C/C++ code during fuzzing to enhance security.
solana-vulnerability-scanner
trailofbits
Scans Solana/Anchor programs for critical security vulnerabilities including arbitrary CPI and improper PDA validation during smart contract audits.
wycheproof
trailofbits
Provides test vectors to validate cryptographic implementations against known attacks and edge cases.
harness-writing
trailofbits
Provides techniques for crafting effective fuzzing harnesses to test software security across multiple programming languages.
libfuzzer
trailofbits
Coverage-guided fuzzing tool integrated with LLVM to automatically detect security vulnerabilities in C/C++ code via random input testing.
aflpp
trailofbits
AFL++ enhances security testing with multi-core fuzzing capabilities for C/C++ applications to uncover vulnerabilities.
ton-vulnerability-scanner
trailofbits
Scans TON smart contracts for critical security vulnerabilities in FunC code.