Browser exploit chains, post-exploitation techniques, and security assessment tooling
This repository contains security research across browser exploit development, vulnerability analysis, and defensive security assessment. Research covers Chrome (V8, Blink, Skia, ANGLE) and Firefox (SpiderMonkey, Gecko) vulnerabilities from 2024-2026.
| CVE | Target | Technique | Level |
|---|---|---|---|
| CVE-2024-0517 | Chrome V8 | Maglev OOB Write | ACE |
| CVE-2024-1939 | Chrome V8 | Wasm S128 Type Confusion | ACE |
| CVE-2024-5830 | Chrome V8 | Object Transition Confusion | ACE |
| CVE-2024-9680 | Firefox | Animation Timeline UAF | UAF |
| CVE-2024-29943 | Firefox | JIT Range Analysis | ARW |
| CVE-2025-4919 | Firefox | IonMonkey BCE | ARW |
| CVE-2025-13223 | Chrome V8 | Property Array Confusion | ARW |
| CVE-2026-2441 | Chrome CSS | FontFeatureValuesMap UAF | UAF |
| CVE-2026-2795 | Firefox | Wasm GC UAF | ACE |
| CVE-2026-3909 | Chrome Skia | Glyph Atlas OOB Write | OOB |

| Level | Meaning |
|---|---|
| ACE | Arbitrary Code Execution |
| ARW | Arbitrary Read/Write |
| UAF | Use-After-Free Primitive |
| OOB | Out-of-Bounds |
| Trigger | Crash/PoC |

Invisible Deployment Orchestration Layer (I.D.O.L.): an 8-component educational worm PoC demonstrating credential harvest, CLI interception, persistence, lateral movement, C2 beaconing, polymorphic payload generation, and organizational spread. All components are read-only and non-destructive.
Lightweight authenticated command relay for cross-platform exploit testing. HMAC-SHA256 auth, TLS, background command execution, file upload/download. Pure Python, zero dependencies.
12,500+ line Streamlit dashboard analyzing the Databricks Apps security model. Covers architecture gaps, attack scenarios, browser CVE implementations, obfuscation techniques, post-exploitation impact, and the I.D.O.L. worm architecture. Demonstrates why human-in-the-loop code review is the primary control for preventing malicious app deployment.
Open Interactive Dashboard → (runs in-browser via WebAssembly)
Research methodology, patch analysis, exploit chain architecture, AI-accelerated exploit development pipeline, pre-exploitation obfuscation techniques, and post-exploitation impact analysis.
Disclaimer: This repository is for authorized security testing, defensive research, and educational purposes only. All exploit code targets specific, already-patched browser versions. Do not use against systems you do not own or have explicit authorization to test.