Zhangir Ospanov

27 posts

Zhangir Ospanov banner
Zhangir Ospanov

Zhangir Ospanov

@s0ld133rr

I am a cybersecurity researcher, with a passion for Red Team, MalDev & Threat Hunting/Threat Intelligence.

Katılım Nisan 2023
78 Takip Edilen19 Takipçiler
Zhangir Ospanov
Zhangir Ospanov@s0ld133rr·
🧵 PentestCode v0.2.2 — a token-efficiency release. The AI pentest agent got leaner without getting dumber. ⚙️ The deterministic orchestrator is now ON by default. The coordinator dispatches subagent waves through a rolling pipeline — a slot refills the instant one finishes, so you get bounded concurrency with full depth. Real multi-host pivot run: -87% provider overloads. 💸 Cheap-model offload. Big raw tool dumps (nmap/nuclei/gobuster) get digested by a small model before they hit the transcript — the raw output stays retrievable by ref, and reasoning always runs on your main model. Turn it on with /small-model (or the small_model config key). 🧠 Smarter, cheaper loops: • resolved-vectors ledger — the agent stops re-testing dead ends • per-provider concurrency cap — no more 429/529 storms on fan-out • objective-based task prompts + cached system prefix = smaller context every turn 🎛 You stay in control: • abandon a subagent (let it finish) vs kill (hard-stop, reclaim tokens) • orchestrator off-switch: OPENCODE_DISABLE_ORCHESTRATOR=true • tune fan-out: OPENCODE_ORCHESTRATOR_CONCURRENCY (default 3) github.com/s0ld13rr/pente… And yes, now it’s in beta stage - not alpha anymore 👾
Zhangir Ospanov tweet media
English
0
0
0
65
Zhangir Ospanov
Zhangir Ospanov@s0ld133rr·
PentestCode v0.2.1 is out! 👾 This release is mostly about making the agent behave more like a real penetration tester than an LLM with tools. Highlights: • Better subagent orchestration and visibility • Mandatory just-in-time skill loading across all subagents • Smarter coordinator delegation • Improved upgrade flow and TUI polish • Simplified updates - use pentestcode upgrade to install both agent and skill updates Still alpha, but every release is making the architecture more solid. Feedback is always welcome! 🚀 github.com/s0ld13rr/pente…
English
1
1
4
136
GitHub Projects Community
GitHub Projects Community@GithubProjects·
_________________ ___________ | Share your GitHub profile | | ___________________________| ¯\_(•‿•)_/¯
English
755
14
760
95K
Zhangir Ospanov
Zhangir Ospanov@s0ld133rr·
Lately I’ve been exploring AI tooling for Offensive Security. After trying a bunch of existing projects, I realized I wanted something with a different workflow and architecture. So I started building PentestCode - a fork of OpenCode focused on penetration testing. Current work includes shared engagement state, task planning, automatic parsing of common security tools, attack path generation and cross-agent memory. Still very early, but I’d love to hear your feedback. github.com/s0ld13rr/pente…
Zhangir Ospanov tweet media
English
1
2
1
312
Zhangir Ospanov retweetledi
7h3h4ckv157
7h3h4ckv157@7h3h4ckv157·
90+ recon modules 48 secret-regex patterns 80+ dorks 9 read-only credential validators 27 attack-path templates 5,500+ lines of structured tradecraft. Might be helpful. Try: github.com/elementalsouls…
7h3h4ckv157 tweet media
English
7
221
1.2K
61.7K
tuckner
tuckner@tuckner·
@HackingLZ No one has started to look at hooks afaik
English
1
0
3
221
Clandestine
Clandestine@akaclandestine·
GitHub - s0ld13rr/claude-code-backdoor: Backdooring Claude Code via hooks in settings.json. Authorized use only! · GitHub github.com/s0ld13rr/claud…
English
2
38
158
17.9K
Zhangir Ospanov
Zhangir Ospanov@s0ld133rr·
Next one from my blog - Claude Code as Initial Access & Persistence vector I found that Claude Code Hooks are the good way to achieve initial access inside infrastructure 😉 Post: s0ld13r.kz/posts/claude-c…
Zhangir Ospanov tweet mediaZhangir Ospanov tweet mediaZhangir Ospanov tweet media
English
0
0
1
65
Zhangir Ospanov
Zhangir Ospanov@s0ld133rr·
I had long been interested in how legitimate AI agents could be “weaponized” for Red Team and adversary emulation tasks while remaining as inconspicuous as possible, as result I created Living of the Land AI: lolai-project.github.io #apt #redteam #threats
Zhangir Ospanov tweet media
English
1
0
2
121
Zhangir Ospanov
Zhangir Ospanov@s0ld133rr·
Signed KuGou binary abused as a trusted loader via DLL sideloading Attack chain: .bat → bridge_plugin_host_x64.exe (signed) → dsp_bridge_x64.dll → abc.bin EXE loads a DLL from its working directory (user-writable path). #DLLSideLoading #LOLBins #Malware #APT
Zhangir Ospanov tweet mediaZhangir Ospanov tweet mediaZhangir Ospanov tweet mediaZhangir Ospanov tweet media
English
1
0
1
135