00.0 Security · Product · Index

Cybersecurity entrepreneur.

I've been writing code for 10 years and breaking into systems for the last 3. OSCP certified, built vulnerable machines for OffSec Proving Grounds. Now I'm on the other side — building security products for companies that actually need them.

01 Years pentesting: 3+ yrs (web, mobile, AD, network assessments)
02 Certification: OSCP / OffSec (web · mobile · AD · network)
03 OffSec machines: 7 / PG (7 machines, 4 CVE-based scenarios)
04 Products shipped: 2 / 1 live (VulnTracker · landingvideo (retired))

01 Products

Things I shipped.

§ 01 · 2 products
▲ Flagship · Security SaaS
VulnTracker.io
Live 2026

Automated vulnerability tracking for security teams. Continuous visibility across your stack — from disclosed CVEs to the patch landing in production.

✕ Retired · Micro-SaaS
landingvideo.com
2026 Offline

Landing page → promo video in 30 seconds. Shipped in 2026, shut down shortly after — lessons stayed, the domain didn't.

02 Research

Vulnerable machines I designed.

Seven vulnerable machines shipped to OffSec Proving Grounds — each a chained exploit scenario, designed to teach the path from foothold to root.

§ 02 · 7 machines
Index · OffSec Proving Grounds N° · DATE
01 CVE-2026-32136 Unauthenticated h2c upgrade smuggling in AdGuard Home (< 0.107.73) — HTTP/2 streams after the upgrade skip the auth middleware. Exfiltrate SSH creds from custom filtering rules, then GTFOBin wget --use-askpass NOPASSWD → root. Apr 2026 pending
02 CVE-2026-27734 Authenticated path traversal in Beszel hub-to-agent proxy (< 0.18.4) — read-only any-role attacker queries the local Docker Engine API through unvalidated container param. Leak SSH creds from container labels, privesc via docker group -v /:/host chroot → root. Apr 2026 pending
03 CVE-2026-24848 Unauthenticated arbitrary file write in OpenEMR 7.0.3 disposeDocument() → webshell RCE, then tar wildcard injection in a root cron → root. Mar 2026 pending
04 CVE-2024-53376 Machine built around the CVE-2024-53376 disclosure — command injection via the phpSelection field in CyberPanel, unauthenticated request → root. Feb 2025
05 Leyla SSTI chained with a WordPress plugin flaw CVE-2024-8352 — directory traversal in the Social Web Suite plugin, then privesc to root. Dec 2024
06 Jordak Exploitation of CVE-2023-26469 on an exposed service, followed by privilege escalation via SUDO permission abuse. Sep 2024
07 Vmdak Web enumeration and exploitation, MySQL enumeration, and a chained local privilege escalation path. Aug 2024

03 Bio

About.

§ 03 · essay

Hey, I'm Ali. I'm a software developer and security researcher with 3+ years of experience in web and mobile security, local network assessments, and Active Directory exploitation. I worked at startups and a telecom company.

OSCP certified. I build vulnerable machines for OffSec Proving Grounds.

Now I'm turning my security work into products by building a cybersecurity company.

04 Dispatch

Build-in-public.

Notes from an indie founder. Occasional, when there's something worth saying.