Research Paper: A Layered Risk and Controls Framework for Prompt Injection
Ten-layer decomposition of the enterprise AI tool execution path with threats, controls, and published efficacy at each layer.
Focused on Windows internals, malware development, and the attack surface of AI coding tools. Published findings across Claude Code and Windsurf, and disclosed remote code execution vulnerabilities in open-source services.
The OAuth server fronting Zomato's MCP endpoint rewrites the scope request and issues tokens labeled 'offline openid' that nonetheless call every MCP tool, including checkout_cart. The advertised mcp:tools / mcp:resources / mcp:prompts scopes are never enforced at the application layer.
Claude Code's Bash permission deny rules can be completely bypassed by writing denied commands into a script file and executing it. The parser evaluates only the script path, not its contents. Five explicitly denied commands executed and exfiltrated data to an external endpoint.
An open-source CLI that fingerprints Model Context Protocol servers and flags behavior patterns associated with publicly disclosed vulnerability classes. Think nmap for MCP.
An open-source CLI that queries NVD, OSV, GitHub Advisories, WPScan, Patchstack, CISA KEV, and Exploit-DB in parallel so you can check for duplicate findings before submitting a CVE.
A walkthrough of building stego-drop, a Python LSB steganography tool for embedding shellcode and binary payloads into PNG images.
A Python tool to automate Windows and Active Directory enumeration for penetration testing and OSCP preparation.
A practical reference for penetration testing and red team engagements, with indexed commands, variable glossaries, and decision trees for time-pressured ops.
Research-backed reference on AI coding tool vulnerabilities, prompt injection, model exploitation, and attack surfaces in modern AI-assisted development.
A security consultancy delivering penetration testing, red team engagements, and security architecture review. Also building AI-powered pentest management software for internal and external assessment workflows.