Security researcher and tool developer building local-first systems for network deception, document intelligence, LLM runtime monitoring, and adversarial simulation. Stack: Python, FastAPI, SQLite, Linux, C.
Self-taught. No lab access, no team, no institutional backing. Everything here started as friction — and became a tool.
Part of the badBANANA collective — a one-person operation that treats security research as a craft, not a career move.
| tool | what it does |
|---|---|
| LANimals | Local network deception platform. Discovers hosts, scores behavioral risk, deploys honeypot traps, assigns adversarial personalities to targets, force-directed graph UI. |
| Lune | 64-module adversary simulation framework for controlled research environments. Encrypted C2, LLM mutation engine, unified persona system. |
| zer0DAYSlater | Post-exploitation research framework. LLM-driven operator, session drift monitoring, entropy capsule, mTLS mesh with ephemeral NaCl keypairs. Authorized environments only. |
| drift_orchestrator | Runtime drift control for LLM sessions. SQLite flight recording, semantic embeddings, composite density scoring, hysteresis policy engine. |
| OpenSight | Document intelligence and OSINT platform. Entity extraction, typed knowledge graph, investigation bundles, demonstrated on FBI corpus. |
| SHENRON | Synthetic adversarial telemetry pipeline. 49-layer mutation engine, Sigma rule evaluation, detection validation, HTML reports. |
| LANIMORPH | LAN-aware morphing payload system. Per-subnet XOR mutation, personality-driven selection, sealed mesh exports. |
| PHANTOM | Honeypot fingerprinting layer. Identifies Cowrie, Kippo, OpenCanary, Thinkst and 4 others. Extends Decoy-Hunter. |
| Decoy-Hunter | Advanced decoy detection toolkit. Foundation layer for PHANTOM's fingerprinting stack. |
| reflexive-identity | Zero-trust AI agent framework. Self-authentication, integrity monitoring, and autonomous privilege revocation. |
| Blackglass_Suite | Offline AI-powered payload mutation, scoring, and stealth delivery. Runs in Termux and Linux — no network required. |
| bad_BANANA | Field-ready, no-root offensive toolkit for Android (Termux) and Debian. |
| pwn | Modular penetration testing platform. Interactive network recon, native ASCII dashboards, dynamic payload management. |
| chain | Mutation engine and lineage tracker. DNA-style payload evolution with XP system and replay. |
| aliasOS | Textual TUI for managing operator shell aliases. Browse, CRUD, health check, history mining, gap analysis. |
| devto-botnet-hunter | DEV.to coordinated follow network investigator and deep forensics engine. |
| drift-artifact | Stylometric drift experiment. Documents that demonstrate iterative authorship instability as their own argument. |
| OWN | Adaptive offensive/payload framework and execution layer. |

VERIFIED // GnomeMan4201
──────────────────────────────────────────────────────────────────
GitHub Stars 41 across 27 public repos
GitHub Forks 5 drift_orchestrator · LANimals · zer0DAYSlater ×3
GitHub Followers 101 organic
Contributions 921 last 12 months
──────────────────────────────────────────────────────────────────
Dev.to Followers 2,987 gnomeman4201
Dev.to Articles 42 published
Dev.to Views 7,597 total reads
──────────────────────────────────────────────────────────────────
Lune Tests 92 passing — CI green
OpenSight Tests 52 passing — CI green
aliasOS v1.0.0 296 aliases · live demo
──────────────────────────────────────────────────────────────────
every number above is verifiable.
──────────────────────────────────────────────────────────────────
methodology: necessity-driven development
build when friction exceeds build cost
publish when the work can stand alone
──────────────────────────────────────────────────────────────────
| repo | build |
|---|---|
| LANimals | |
| Lune | |
| drift_orchestrator | |
| zer0DAYSlater | |
| OpenSight | |
| chain | |
| aliasOS | |

dev.to/gnomeman4201 — 42 articles. Adversarial tooling, LLM security, network deception, platform analysis, and the philosophy behind building in the open under a pseudonym.
preferred: GitHub issues / security advisories
writing: dev.to/gnomeman4201
PGP: 324C 4301 54C2 3C8E 3956 1B10 0CFD 6761 AA75 4969
github.com/GnomeMan4201.gpg



