Ruby570bocadito/README.md


About Me

Cybersecurity developer specializing in offensive security tooling — building the complete attack chain from reconnaissance to command & control. Focused on kernel-level rootkits, C2 frameworks, privilege escalation engines, and AI-assisted pentesting operations.

name: Ruby
location: Málaga, Spain
focus: Offensive Security & Red Team Tooling
languages:
  - Go
  - Python
  - C
  - Bash
interests:
  - Kernel Rootkits
  - C2 Development
  - Privilege Escalation
  - AI/ML Security
  - Adversarial ML
education:
  - Cisco NetAcad: Ethical Hacker
  - Cisco Academy: Python, Networking, Linux
  - Cambridge: B1 English
status: Open to cybersecurity opportunities

🎯 Featured Projects

Project Description Tech Status
Vault-Kernel Linux LKM kernel rootkit — syscall hooking, process/file/port hiding, kernel keylogger, self-hiding capabilities C Go 🟢 Active
Rise-Privilege Linux privilege escalation auto-exploiter — 10+ scanners, 60+ GTFOBins offline DB, auto-root via SUID/sudo/cron/Docker Go 🟢 Active
Pulse-C2 Post-exploitation C2 framework — X25519 + XChaCha20-Poly1305, AV evasion, SOCKS5 proxy, 7 modules Go Vue 3 🟢 Active
Wormy-ML-Network-Worm ML-powered polymorphic network worm — dynamic encryption, multi-vector propagation, adversarial ML evasion Python 🟢 Active
Specter-Terminal Offline AI-powered offensive security terminal — Ollama integration, sandboxed execution Python 🔄 Renamed
Horizon-Intel Attack surface recon platform — DNS, certs, GitHub/Google dorking, NVD, web dashboard, MITRE mapping Python 🟢 Active
Apex-Automation Autonomous pentesting assistant — Ollama-powered LLM agent with modular tool harness Python 🟢 Active
Link-Relay Post-exploitation C2 relay — multi-protocol implant communication, YOLO object detection module Python 🟢 Active
Titan-Operations Red team operations framework — modular plugin system, campaign management, Go-powered CI Go 🟢 Active
BlueForge-Suite Blue team defensive toolkit — detection engines, log analysis, threat intel aggregation CI Python 🟢 Active
Breach-Entry Zero-day exploit research — CVE-2026-XXXX: apport ExecutablePath spoofing on Ubuntu 24.04 LTS C Python 🔬 Research

📂 Complete Repository Map

🔐 Kernel & Low-Level

| Repository | Description | Language |
|---|---|---|
| Vault-Kernel | Linux LKM kernel rootkit — syscall hooking, process hiding, keylogger | C, Go |

⚔️ C2 & Post-Exploitation

| Repository | Description | Language |
|---|---|---|
| Pulse-C2 | Post-exploitation C2 framework with encryption, SOCKS5, AV evasion | Go, Vue 3 |
| Link-Relay | Post-exploitation C2 relay with multi-protocol implant support | Python |

🦠 Malware & Research

| Repository | Description | Language |
|---|---|---|
| Wormy-ML-Network-Worm | ML-powered polymorphic worm with adversarial evasion | Python |
| Breach-Entry | CVE-2026-XXXX: Ubuntu apport zero-day LPE research | C, Python |

🔍 Reconnaissance & OSINT

| Repository | Description | Language |
|---|---|---|
| Horizon-Intel | Attack surface recon — DNS, dorking, NVD, dashboard | Python |
| Apex-Automation | Autonomous Ollama-powered pentesting assistant | Python |

🚀 Privilege Escalation

| Repository | Description | Language |
|---|---|---|
| Rise-Privilege | Linux auto-privesc with 60+ GTFOBins offline DB | Go |

🛡️ Blue Team & Defense

| Repository | Description | Language |
|---|---|---|
| BlueForge-Suite | Detection engines, log analysis, threat intel | Python |
| Titan-Operations | Red team operations & campaign management | Go |

🤖 AI & Automation

| Repository | Description | Language |
|---|---|---|
| Specter-Terminal | Offline AI offensive security assistant | Python |
| Forge-AI | Ollama-powered AI interface | Python |
| Motion-Control | ML-based gesture control system | Python |

📚 Knowledge & Training

| Repository | Description | Language |
|---|---|---|
| Vault-Knowledge | Curated pentesting knowledge base | Markdown |
| Arena-CTF | CTF challenge platform | Various |

🛠️ Tech Stack

pentesting tools

Hydra · John · Hashcat · SQLMap · Ghidra · GDB · Strace · Tcpdump · Aircrack-ng · Impacket · BloodHound · Cobalt Strike · Sliver · Mimikatz · CrackMapExec · Responder · Netcat · Socat · Radare2 · Frida · Burp Suite · Nmap · Wireshark · Metasploit



Pinned

  1. Wormy-ML-Network-Worm (Public)

    ML-powered polymorphic network worm — self-replicating payload with dynamic encryption, multi-vector propagation, and adversarial evasion.

    Python 6 2

  2. Specter-Terminal (Public)

    Offline AI-powered offensive security terminal — 100% air-gapped pentesting assistant with local LLM (Ollama), sandboxed execution, and real-time guidance.

    Python

  3. Motion-Control (Public)

    Gesture-based computer control powered by machine learning — cursor movement, click, typing, and full PC control using hand gestures via MediaPipe.

    Python

  4. Apex-Automation (Public)

    AI-assisted penetration testing automation — ML-driven vulnerability discovery and exploitation workflow with intelligent decision making.

    Python

  5. Alpaca-Trading-ML (Public)

    Python

  6. Rise-Privilege (Public)

    Automated Linux privilege escalation suite — 10+ scanners, 60+ GTFOBins database, auto-root via SUID/sudo/cron/Docker. Zero dependencies.

    Go 1