Skip to content
View Karmaz95's full-sized avatar
🍎
🍎

Organizations

@afine-com

Block or report Karmaz95

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
Karmaz95/README.md

πŸ‘¨β€πŸ’» Β About Me

I am a passionate Offensive Security Engineer from afine, committed to finding πŸ‘Ύ bugs and developing πŸ€– software that enhances our work in security. My main areas of interest are 🍎 macOS internals and πŸ•ΈοΈ web application security. I also have experience in πŸ’  Active Directory and creating 🦠 malware to bypass πŸ›‘οΈ EDRs.


πŸ”­ Projects I am proud of

I created some tools helpful for Offensive Security work, but there are two that I am the most proud of, they are:

  • Crimson - this was my first big thing. Currently, I am not focusing on this tool. However, it is still powerful. My friends and I are using it to this day. This is also a great place to start your journey with Application Security.
  • Snake&Apple - The code repository for the Snake&Apple article series documents my macOS security research.

πŸ› CVE I am proud of

As my daily work and some part of my free time research, I am looking for bugs πŸ›. I have caught many of them so far, and some have even received a public CVE. I am particularly proud of these two:


πŸ“– Blog & YT

In my free time, I also run a blog. Recently, I decided to post Proof of Concepts as short recordings on my YouTube channel. You can subscribe to me using the banners below to receive notifications of the latest blogs or videos.

Medium YouTube Channel Subscribers


πŸŽ–οΈ Certs & CTFs & Courses

I have participated in multiple CTFs, completed various courses, and obtained certifications through various platforms. Below are links that demonstrate some of these small accomplishments:

  • Certs - OSCEΒ³, eWPTxv2, OSCP, OST2-Arch1001
  • Pentesterlab - various web hacking courses & CTFs.
  • RPISEC/MBE - Modern Binary Exploitation - CSCI 4968
  • HTB - CTFs & Pro Labs
  • CS50 - Harvard University - Introduction to Computer Science

πŸ“« Social Media

You can reach me on any of the platforms below. I also share new articles there, so you can stay up-to-date by following me.

X LinkedIn Mastodon


πŸ’° Funding

If you enjoy my work and want to help me grow, you can sponsor me using any of the below options:

Github-sponsors Patreon BuyMeACoffee

❗By subscribing to my Patreon, you will receive access to all of my published articles.

Pinned Loading

  1. Snake_Apple Snake_Apple Public

    Articles and tools related to research in the Apple environment (mainly macOS).

    Python 106 5

  2. crimson crimson Public

    Web Application Security Testing Tools

    Python 236 50

  3. evasion evasion Public

    AV EVASION TECHNIQUES

    C# 74 15

  4. crimson_lisp crimson_lisp Public

    Linux Post-Exploitation tools wrapper

    Shell 20

  5. crimson_wisp crimson_wisp Public

    Windows Post-Exploitation tools wrapper

    PowerShell 11 1

  6. crimson_cracking crimson_cracking Public

    All around cracking wordlist.

    26 5