[Tool] Crimson Cloak, iOS/iSH Security Wrapper with RealTime Dashboard
▲ 16 r/ExploitDev+7 crossposts

[Tool] Crimson Cloak, iOS/iSH Security Wrapper with RealTime Dashboard

If you play around with running iSH on iPhone/iPad as a mobile red/blue team rig:

Crimson Cloak gives you a full HTTP + WebSocket dashboard inside iSH:
- Embedded dark-themed control panel
- Tool discovery & shortcut launching
- Clipboard sync, file events, network monitoring
- SSH reverse tunnel auto-connect to Kali/Pi backend

All sandboxed. No jailbreak required.

Repo: https://github.com/synchancybersecurity/Crimson-Cloak-ISH-wrapper-iOS-

Curious if anyone else is using iSH for mobile ops.

github.com
u/Fillmoslim — 3 days ago
▲ 1 r/oscp+1 crossposts

8 cell hardware fault injection lab for $5K, W/architecture breakdown & seeking feedback

!!CAGE LAB🧪🥼!!! hardware security testing framework, I guess I just wanted to share the architecture with people who understand both the offensive and defensive sides.

D.Z.D.E or Daedalus SubZD Engine lil break down:

8 independent cells, each running a Raspberry Pi 5 controller with auto detected I2C/SPI/UART/USB extensions.
Designed for Rowhammer, EMFI, laser fault injection, thermal manipulation, and voltage glitching all commodity hardware under $15K total.

The bs problem it solves imo:

Hardware security R&D usually dies at the whole "can we even talk to this chip?"
This auto detects extensions, provides per target calibration interfaces, and runs everything through a physical kill switch with CAGE/LIVE/WAR safety modes.

Cost per cell hardware is \~$600:

Pi 5 8GB + Pi Edge HAT
RTL-SDR / HackRF for RF verification
RFID (MFRC522), LoRa (SX1276), GPS (NEO-6M), CAN (MCP2515)
EMFI coils, 808nm laser diodes, TEC1 12706 Peltier
ADS1115 ADC + MCP4725 DAC for precision glitching
8 channel relays, PCA9685 PWM drivers.

Repo: github.com/synchancybersecurity/Daedalus-SubZD-Engine

Cage lab authorized only.
Physical kill switch is the sole fail-safe.

Agent F.

reddit.com
u/Fillmoslim — 8 days ago
▲ 0 r/HomeDataCenter+1 crossposts

8 cell hardware fault injection lab for $5K, W/architecture breakdown & seeking feedback

!!CAGE LAB🧪🥼!!! hardware security testing framework, I guess I just wanted to share the architecture with people who understand both the offensive and defensive sides.

D.Z.D.E or Daedalus SubZD Engine lil break down:

8 independent cells, each running a Raspberry Pi 5 controller with auto detected I2C/SPI/UART/USB extensions.
Designed for Rowhammer, EMFI, laser fault injection, thermal manipulation, and voltage glitching all commodity hardware under $15K total.

The bs problem it solves imo:

Hardware security R&D usually dies at the whole "can we even talk to this chip?"
This auto detects extensions, provides per target calibration interfaces, and runs everything through a physical kill switch with CAGE/LIVE/WAR safety modes.

Cost per cell hardware is \~$600:

Pi 5 8GB + Pi Edge HAT
RTL-SDR / HackRF for RF verification
RFID (MFRC522), LoRa (SX1276), GPS (NEO-6M), CAN (MCP2515)
EMFI coils, 808nm laser diodes, TEC1 12706 Peltier
ADS1115 ADC + MCP4725 DAC for precision glitching
8 channel relays, PCA9685 PWM drivers.

Repo: github.com/synchancybersecurity/Daedalus-SubZD-Engine-1.0

Cage lab authorized only.
Physical kill switch is the sole fail-safe.

Agent F.

reddit.com
u/Fillmoslim — 8 days ago
▲ 3 r/FPGA+1 crossposts

8 cell hardware fault injection lab for $5K, W/architecture breakdown & seeking feedback

!!CAGE LAB🧪🥼!!! hardware security testing framework, I guess I just wanted to share the architecture with people who understand both the offensive and defensive sides.

D.Z.D.E or Daedalus SubZD Engine lil break down:

8 independent cells, each running a Raspberry Pi 5 controller with auto detected I2C/SPI/UART/USB extensions.
Designed for Rowhammer, EMFI, laser fault injection, thermal manipulation, and voltage glitching all commodity hardware under $15K total.

The bs problem it solves imo:

Hardware security R&D usually dies at the whole "can we even talk to this chip?"
This auto detects extensions, provides per target calibration interfaces, and runs everything through a physical kill switch with CAGE/LIVE/WAR safety modes.

Cost per cell hardware is \~$600:

Pi 5 8GB + Pi Edge HAT
RTL-SDR / HackRF for RF verification
RFID (MFRC522), LoRa (SX1276), GPS (NEO-6M), CAN (MCP2515)
EMFI coils, 808nm laser diodes, TEC1 12706 Peltier
ADS1115 ADC + MCP4725 DAC for precision glitching
8 channel relays, PCA9685 PWM drivers.

Repo: github.com/synchancybersecurity/Daedalus-SubZD-Engine

Cage lab authorized only.
Physical kill switch is the sole fail-safe.

Agent F.

reddit.com
u/Fillmoslim — 8 days ago

Thoughts on this

Thoughts on this lil cage lab hardware security testing platform from people actually doing fault injection and side channel work.

D.Z.D.E (Daedalus SubZD Engine) is an 8 cell commodity hardware framework for unpatchable zeroday subclass development.
Think Rowhammer, EMFI, laser fault injection, thermal manipulation, and voltage glitching but like built entirely from Amazon/AliExpress/DigiKey parts under a $15K ceiling cap 💪🏼.

Most hardware security R&D gets stuck at "can we even talk to this chip?"
We wanted to eliminate that phase entirely.
The framework auto detects I2C/SPI/UART/USB extensions, provides per target calibration interfaces, and runs everything through a physical kill switch (GPIO4) with CAGE/LIVE/WAR safety modes.

Calibration problem:

The framework provides interfaces and parameter sweeps, but analog tuning (laser positioning, thermal rates, EM pulse timing, DRAM row mapping) must be done manually per specific target silicon.
This is normal in hardware security ops the platform just eliminates the "can we talk to this chip" R&D phase.

Python modules functional (CAGE mode simulation)
Hardware bus scanner working (i2cdetect fallback when smbus2 unavailable)
5 attack vectors registered with safety limits
Full BOM at $4,853 / $15,000 budget.

Just wanted to get thoughts the architecture and get feedback from people actually doing fault injection.

github.com/synchancybersecurity/Daedalus-SubZD-Engine (Apache 2.0, ITAR-controlled disclaimer included).

This is cage lab authorized research only.
Physical kill switch is the sole fail safe.
Not for unauthorized use!!!!

Agent F.

reddit.com
u/Fillmoslim — 8 days ago

Ayeeee 😅 r/exploitdev

MF’n working on a cage lab hardware security testing platform and wanted to share the architecture + get feedback from people actually doing fault injection and side channel work.

Lil breakdown:

D.Z.D.E (Daedalus SubZD Engine) is an 8 cell commodity hardware framework for unpatchable zeroday subclass development.
Think Rowhammer, EMFI, laser fault injection, thermal manipulation, and voltage glitching but like built entirely from Amazon/AliExpress/DigiKey parts under a $15K ceiling cap 💪🏼.

Why TF I did:

Most hardware security R&D gets stuck at "can we even talk to this chip?"
We wanted to eliminate that phase entirely.
The framework auto detects I2C/SPI/UART/USB extensions, provides per target calibration interfaces, and runs everything through a physical kill switch (GPIO4) with CAGE/LIVE/WAR safety modes.

Cost on Hardware per cell ~$600:

Raspberry Pi 5 8GB as controller
RTL-SDR / HackRF for RF verification
MFRC522 (RFID), SX1276 (LoRa), NEO-6M (GPS), MCP2515 (CAN)
EMFI coils, 808nm laser diodes, TEC1-12706 Peltier modules.
ADS1115 ADC + MCP4725 DAC for precision power rail control
8 channel relay modules, PCA9685 PWM drivers.

calibration problem:

The framework provides interfaces and parameter sweeps, but analog tuning (laser positioning, thermal rates, EM pulse timing, DRAM row mapping) must be done manually per specific target silicon.
This is normal in hardware security ops the platform just eliminates the "can we talk to this chip" R&D phase.

Where we currently are with it:

All Python modules functional (CAGE mode simulation)
Hardware bus scanner working (i2cdetect fallback when smbus2 unavailable)
5 attack vectors registered with safety limits
Full BOM at $4,853 / $15,000 budget.

I am seeking:

Feedback on the vector architecture from people doing real fault injection.
Suggestions for additional commodity hardware extensions.
Thoughts on the calibration workflow is the hands on parameter sweep approach viable for your workflow?

Potential collaborators or sponsors for expanding to additional working on a cage lab hardware security testing platform.
Also we wanted to share the architecture and get feedback from people actually doing fault injection.

Suggestions for additional commodity hardware extensions.
Thoughts on the calibration workflow is the hands on parameter sweep approach viable for your workflow?
Potential collaborators or sponsors for expanding to additional attack surfaces (optical, acoustic, power analysis).

Our git:

github.com/synchancybersecurity/Daedalus-SubZD-Engine (Apache 2.0, ITAR-controlled disclaimer included).

Full Content disclosure:

This is cage lab authorized research only.
Physical kill switch is the sole fail safe.
Not for unauthorized use!!!!

Would love to hear thoughts from people actually doing this work.
What am I missing?
What would make this actually useful in your lab?

Agent F.
SynChanCyberSecurity LLC

reddit.com
u/Fillmoslim — 8 days ago
▲ 4 r/lonely

All my friends are 🪦

Kind of makes life less worth it tbh lol, the funeral count is around 3 dozen no therapy helps, our lifestyles were all crazy, I’m alive I’m alone inside my head most days, and the neighborhood sucks

reddit.com
u/Fillmoslim — 9 days ago
▲ 2 r/threatintel+1 crossposts

Let’s test Tesla.com Vs. Hecate deep paint OSINT tool #tesla #osint #hacker #redteaming #bugbounty

Just something we are working on in house

youtube.com
u/Fillmoslim — 14 days ago
▲ 4 r/IMadeThis+1 crossposts

I built Hecate 4.0 a conversational OSINT engine that understands plain English commands

Tired of memorizing nmap flags and tool syntax,
I built an engine that just listens.

Hecate 4.0 features:

• Conversational input: "Scan 'username'" done. "Deep scan 'example.com' skip active recon" handled.

• 2,970 platforms across 7 database categories (NSFW, Gov, EU, Dating/Social, Commerce, Messaging, core)

• AI Hive: Multi model orchestration for intelligent analysis

• Universal input: Auto detects whether you fed it a username, domain, IP, email, or phone

• Deep correlation: Links identities across platform categories automatically

• Local-only: Runs on your hardware, your data never leaves

Software compatibility:

Linux/mac/pc as well as

Mobile compatibility: via iOS no jailbreak needed via the free ish app ruining alpine, as well as Android running the turmux app

Software functionality confirmed and units ready to move @
ebay: [https://ebay.io/m/I4Gjao\]

u/Fillmoslim — 14 days ago

Dropping HECATE a hardened OSINT platform built specifically for authorized red team operations.

Some tools either lack modularity or bury you in dependencies.
HECATE splits cleanly into 11 modules with a single target search input so you only load what the engagement requires.
No bloat on embedded devices.

Request jitter and User Agent rotation to avoid pattern detection
Proxychains native multihop routing
Tor .onion vector support
Modular payload delivery via exploit.py
Social engineering template engine SET, Evilginx2 compatible

Kali Linux optimized, Termux and ish iOS compatible
Single file entry point: python3 hecate.py
All secrets in .env repo is clean for public push
Makefile included for rapid deployment

If anyone has a lab environment, I'd appreciate validation on the wireless auditing module Pwnagotchi/Aircrack integration and the autonomous red team pipeline.

Also some features are still being added + removed it’s a work in progress.

Repo: https://github.com/synchancybersecurity/Hecate

Stay sharp 🔪
SynChan 🫡

youtu.be
u/Fillmoslim — 19 days ago
▲ 7 r/oscp

HECATE OSINT

Working on a lil OSINT engine called “HECATE”

Hardened Extraction, Collection, Analysis & Tactical Engine, for authorized red team and “bug bounty-ish”operations.

500+ platform database spanning clear web and onion vectors
Username/email/phone enumeration with cross platform correlation
Deep paint dork generation for automated search vector creation
Multi-model AI orchestration |Groq, Kimi, Qwen, OpenRouter| etc for intelligent tool selection and attack path generation
Full network recon integration: Nmap, Masscan, Shodan, Wigle
Modular architecture: 11 independent modules on target input 💯
[scanner, osint, exploit, crypto, network, reporting, ai, database, ui, core, main]

Security posture:

All API keys externalized to .env no hardcoded secrets
Proxychains + Tor routing support

Tech stack:

Python 3.8+, zero external dependencies for core, optional integrations for AI modules
Android or iOS functionality though for obvious reasons you have a lot more reach on an android than I do here in the iOS demo.

Repo: https://github.com/synchancybersecurity/Hecate

functions but still in development and undergoing changes & updates.

Cheers,
SynChanCyberSecurity

u/Fillmoslim — 19 days ago

Open sourcing our hardware red team RF toolkit: the Crimson Flipper Arsenal

My team built this for authorized client engagements and cage lab testing. Now it's public.

*Included*
- 500+ vehicle SubGHz signals (US/EU/Asia)
- LoRa jamming templates across all standard bands
- Cellular chirp references
- NFC/RFID analysis pack
- Vending and access control protocols

Everything is validated, organized, and ready to deploy. Full documentation and SHA-256 manifest on the repo.

https://youtube.com/shorts/\_52DNbqkftc?si=O69XFQE8F1Th7NLb

Authorized security research only. SynChanCyberSecurity.

reddit.com
u/Fillmoslim — 1 month ago
▲ 10 r/hacking

Dropping the Crimson Flipper Arsenal soon. 500+ vehicle signals. LoRa. Cellular. Vending. All validated.

Built this for our red-team cage lab. Decided to open-source it.

**The pack:**
- Vehicle SubGHz: Ford, BMW, VW, Audi, Mercedes, Hummer, Lincoln, Saturn, Polestar, VinFast, and more
- LoRa 433/868/915 MHz jamming templates
- Cellular downlink chirps
- Coin pulse / vending protocols
- NFC/RFID templates

Everything loads clean. No formatting headaches.

https://youtube.com/shorts/\_52DNbqkftc?si=O69XFQE8F1Th7NLb

Authorized research only. Don't be stupid.

SynChanCyberSecurity

reddit.com
u/Fillmoslim — 1 month ago
▲ 647 r/degoogle

I wrote a phone OS from scratch because I wanted zero Google code in the kernel — first boot working

Every phone runs Android or iOS. Both are owned by corporations with financial incentives to harvest your data.

I spent the last year writing a third option from scratch.

Crimson OS:
- Original ARM64 kernel — zero Google, zero Apple, zero Linux ancestry
- No Google Play Services, no Google Services Framework, nothing
- No inherited Android permissions system — capability-based MAC from scratch
- BloodMoon browser with native Tor and I2P — no Orbot needed
- No telemetry, no crash reporting, no usage data collection by design

It just booted for the first time in QEMU with all 11 init phases working.

Next step is PinePhone hardware. Kickstarter launching soon to fund it.

Anyone else tired of the duopoly?

u/Fillmoslim — 1 month ago
▲ 92 r/osdev

CrimsonOS 1st Successful QEMU boot

Super freaking stoked right now this is our first successful boot without any issue what so ever through. Months of work have gone into this.

u/Fillmoslim — 2 months ago
▲ 0 r/osdev

Showoff: CrimsonOS — From-scratch kernel, framebuffer GUI, booting to handset hardware

We're building a bare-metal mobile OS on a custom kernel (Crimson kernel). No Linux, no Android, no borrowed compositor — direct framebuffer render loop, custom init, custom syscall surface.

Boots Pi 5 in <3s. Sub-3-second cold boot to GUI. Moving to actual handset hardware for boot testing now.

Kernel architecture: small enough to audit, no inherited CVEs, deterministic latency for RF timing (SDR/WiFi injection). GUI is iOS-style app grid with dock, edge-swipe panels, PIN lock — all rendered direct-to-framebuffer.

Seeking war stories from anyone who's done bare-metal bring-up on handset-class ARM. What SoCs had open bootloaders? How did you handle MIPI DSI panel init without vendor blobs? How do you isolate the cellular baseband from the application processor?

Repo: https://github.com/synchancybersecurity/CrimsonOS

reddit.com
u/Fillmoslim — 2 months ago