Security Engineering Researcher focused on exploiting, malware analysis, backend systems, AI, and custom security tooling.
Building things for people who are tired of tab graveyards, broken context, and tools that almost work.
I move between:
- reverse engineering
- malware analysis
- offensive security
- backend engineering
- AI-assisted workflows
- custom tooling for people doing real work under pressure
I like building systems that feel cohesive from end to end:
- one trail of evidence
- one operator-facing surface
- less context loss between tools
- more things you can actually script, automate, or trust
Most of my heavier work is private, client-bound, experimental, or simply not ready for daylight yet.
If you're a recruiter, interviewer, or security lead and want a clearer picture of what I build, feel free to reach out.
That also includes private work I can reference at a high level, but not crack open in public without stepping on the wrong toes.
Private/internal threads that matter:
- Job-Sniper — backend-heavy automation, AI-assisted workflows, and internal tooling.
- hexstrike-docker — container and MCP-oriented integration work around operator tooling.
- LinkedIn-Easy-Apply-Bot / searchmeajobBot — job automation experiments, scraping flows, and workflow design.
- openvpn-frontend — older control-surface and infrastructure experimentation that still says something about how I build.
GhostTrace is the project that best represents where my head is right now.
Reverse engineering with operator-grade workflows, debugger context, sandbox trails, and less tab graveyard energy.
It brings together:
- Ghidraaas for static analysis
- local Ollama for reasoning
- persistent triage per sample
- a reproducible Windows lab with SSH
- an x64dbg bridge that feeds debugger context back into the same workspace
Links:
- Repo: ghosttrace-lab
- Landing: ghosttrace-lab/en
- Landing (ES): ghosttrace-lab/es
I also spend time on Job-Sniper private repos inside its organization.
That work stays off the public stage for obvious reasons, but it sits in the same lane: backend-heavy systems, automation, AI-assisted workflows, and tooling built to do real work instead of just looking clever in screenshots.
There are a few other private lines of work that don't get a public repo tour, but still matter to the picture:
- hexstrike-docker for containerised operator tooling and MCP-facing workflows
- LinkedIn-Easy-Apply-Bot and searchmeajobBot for automation experiments around job systems
- openvpn-frontend as older but still telling infrastructure/tooling work
| Project | Why it matters |
|---|---|
| ghosttrace-lab | AI-assisted reverse engineering workbench with Ghidraaas, Ollama, Windows sandboxing, and debugger-aware workflows. |
| BloodMoonPZ / PZServer | Legacy Project Zomboid server engineering work. Archived and discontinued now, but still left public and usable as-is. |
| CLI-Anything | Agent-native CLI exploration track I am following because I care about where AI tooling is going next. |
| LAN_Enumeration_and_Reconnaissance_Tool | Recon and enumeration tooling focused on practical network visibility. |
| paginaSantuarioDana | Volunteer web work built to support animals affected by the Dana disaster in Valencia. |
| Tor-AttackTools | Lab-style offensive infrastructure and routed tooling for controlled security research. |
Not every public repo needs the front seat, but some of them still help explain the shape of the work:
- Remote-Admin-Tool — rougher offensive tooling territory
- GoKeylogger — old proof-of-concept territory, part of the roots
- PythonCrypter — small crypto utility work
- ScriptCollection and fsdenv — quality-of-life shell and dev environment tooling
- terraform-aws-samples — infrastructure-as-code samples from the DevOps side
- X-Force-Analysis, VirusTotalScreenShot, AbuseIPdbSCAN, and nmapListScanner — smaller security utilities, API integrations, and scanning helpers
Some are sharper than others. Some are older than they should be. All of them tell part of the story.
Not everything worth showing is still under active development.
Some work gets released, frozen, and left standing because it can still be useful even after the roadmap dies.
BloodMoonPZ falls into that bucket: discontinued, no longer maintained, but still public and usable for anyone who wants to inspect it, run it, or fork it.
I’m not interested in pretending the old scene never happened.
Those roots shaped how I think about security, tooling, and culture.
Former global moderator of two historic Spanish-speaking hacking forums:
- Hack x Crack: Legendary. Domain gone, memory intact.
  Archive: web.archive.org / hackxcrack
- Underc0de: Still alive, still moving.
  Profile: underc0de.org
That background taught me to value tools that are:
- sharp
- usable
- grounded in reality
- built by people who have actually needed them
- Exploiting
- Malware analysis
- Reverse engineering
- Threat research
- Windows internals
- Backend systems
- Security APIs
- DevSecOps automation
- Hardened infrastructure
- Custom red/blue team tooling
- Local-first AI workflows
- Practical model integration
- Operator-facing assistants
- Tooling that uses AI without becoming slop
Main languages and tools:
- Python
- Go
- PowerShell
- Bash
- Docker
- Windows
- Linux
- LinkedIn: linkedin.com/in/jcarlosgl-offensive-security
- GitHub: github.com/0xCyberBerserker
Improvement ideas are welcome, and thoughtful criticism is always taken seriously.

