[ Security research ]
& /recon_playbooks
Public research on Android internals, malware analysis, web recon, and LLM bug bounty methodology — published at stackntrace.dev.
Research notes, reproducible playbooks, and isolated lab targets.
I publish as helllguest at stackntrace.dev — long-form posts on Android platform security, malware triage, exploitation, and web attack-surface analysis.
Recent work includes the Web Recon Playbook series and an LLM Bug Bounty Playbook. This domain hosts an authorized research lab for hands-on drills.
Active Intelligence Projects
stackntrace.dev
Security research blog — Android internals, malware analysis, reverse engineering, web recon playbooks, and LLM bug bounty methodology. Open source, no analytics.
Web Recon Playbook
Multi-part command-first series: fingerprinting, OIDC metadata, subdomain takeover, GraphQL surface testing, and ffuf/Nuclei active recon.
apk-triage
CLI for fast Android APK triage — manifest, permissions, exported components, native libs, and suspicious strings before you open a disassembler.
helllguest Research Lab
Isolated drill environment on this VPS — Juice Shop API targets, Keycloak OIDC flows, staging misconfigs, and static recon surfaces. Authorized testing only.
Interact with the core.
Live status for the authorized research lab on this host. Targets run in Docker behind Caddy with Cloudflare at the edge.
Found a bug? Or want to collaborate?
For security disclosures, professional inquiries, or research partnerships, reach out via the secure channels below.