ROBINX0
OFFENSIVE SECURITY · RED TEAM

IRFANUL MONTASIR.

OFFENSIVE SECURITY ENGINEER // SHORBORNO HOLDINGS // DUBAI, UAE

I work in offensive security - penetration testing, Active Directory exploitation, EDR bypass & AV evasion, source-code review, and building open-source offensive tooling for authorized engagements at Bangladesh's largest telco.

Read writeups About
OPERATOR-PROFILE.ini
name Irfanul Montasir
handle robinx0
role Offensive Security Eng.
company Shorborno · Grameenphone
location Dubai, UAE · UTC+4
education B.Sc. CSE · IIUC '23
status open to collab
robinx0 robinx0 robinary
CLICK CARD TO VIEW PHOTO
IM
ROBINX0
CLICK TO FLIP BACK ↻
75+
Machines pwned
06
Certifications
OSCP · CRTO · CPTS
eWPTX · eCPPT · eJPT
04
HTB pro labs
APT · Dante · Rasta · Asc.
#1·#2
CyberDrill ntl.
#31
BlackHat MEA '23
02
Publications
Featured projects
Open-source releases & research I'm shipping
All projects →
Lacunex CE
LACUNEX · 2026
RELEASE

The Community edition holds Local-first desktop report builder for pentesters, auditors, and consultants. Block editor, severity-aware findings, 10 ready-made templates, 6 cover designs, optional local Ollama AI. Exports to PDF, HTML, Markdown, Word, and JSON. Reports stay on your machine - no cloud, no telemetry, no account.

  • Local-first pentest report builder
  • Block-style editor for findings and evidence
  • Severity-aware vulnerability tracking
  • Built-in report templates for audits, incidents, and exams
  • One-click export to PDF, HTML, Markdown, DOCX, and JSON
  • Custom cover pages with live preview
  • Screenshot and attachment handling
  • Optional local AI assist through Ollama
ElectronReactViteTypeScript
#pentest#reporting#audits#local-first#security-tooling
allspray
ALLSPRAY · 2026
RELEASE

Web-based SSH credential spray and post-exploitation tool. CSV-driven scan, dedicated PE tab, AutoRoot with command placeholders, air-gapped compatible. Currently at v5.2.

  • FastAPI + WebSocket backend
  • CSV target ingestion
  • AutoRoot with _CMD_ placeholder
  • Air-gapped deployment
PythonFastAPIJavaScript
#red-team#ssh#post-exploitation
Recent writeups
Technique & methodology walkthroughs
View all →
#001 Apr 19
AD Privilege Escalation Primitives: Kerberoasting, Shadow Credentials, RBCD, Injection, and BOFs
HARDRED TEAM OPS
#002 Apr 18
Server-Side Web Pentest Playbook: Prototype Pollution, OAuth Flaws, SQLi-to-RCE, and SSRF
HARDWEB EXPLOITATION
#003 Apr 17
The Userland EDR Bypass Stack: Unhooking, Syscalls, ETW/AMSI, and Kernel Callbacks
ELITEEDR BYPASS
#004 Apr 17
Building a C2 Stack: Implants, BOF Loaders, Redirectors, and DoH Channels
HARDC2 DEVELOPMENT
#005 Apr 16
DCSync and DCShadow: Abusing Replication Rights for Credential Theft and Persistence
HARDRED TEAM OPS
#006 Apr 14
Hardware Breakpoint Hooking: Bypassing Inline EDR Hooks Without Touching Memory
ELITEEDR BYPASS
Browse by category
RED TEAM OPS 4 WEB EXPLOITATION 3 EDR BYPASS 4 C2 DEVELOPMENT 3 NETWORK SECURITY 6 MALWARE ANALYSIS 6 MOBILE SECURITY 5 BINARY EXPLOITATION 5 CERT REVIEWS 3 CTF WRITEUPS 5