scriptkittens

I'm a nurse.
I'm a pentester.
I'm a developer.

Not was. Not used to be. All three, at the same time, on purpose. I build tools, find vulnerabilities, and write about both.

story of gato

Nurse. Pentester. Developer.
All three. On purpose.

Almost two decades of reading systems under pressure. First in clinical care, now in security. The pattern recognition doesn't change, just the systems being interrogated.

The combination of everything I know is how I work on the problems that actually matter.

A few things about me.

18+ yrs nursing experience

OSCP & CPTS

Published CVEs

US

what i've been doing

From the case files

Two Sinks, One Shell: OS Command Injection in ZoneMinder

ZoneMinder's event export concatenates monitor names directly into shell commands. One unsanitized source, two exec() sinks, and a payload that someone else can trigger for you.

investigato
2 min read
vulnerability-research php command-injection zoneminder rce

I Found a File Read Nobody Was Looking For

A path traversal in Camaleon CMS that only triggers under a weird combination of Rails 8, the Solid trio, and an S3 backend. Found by accident. Reproduced through stubbornness.

investigato
2 min read
cve ruby path-traversal camaleon-cms vulnerability-research

Let's talk

Looking for someone who thinks differently?

Eighteen years of high-stakes clinical work on top of offensive security credentials is a rare combination. If that matters to your team, I'd like to hear from you.