Identify vulnerabilities and enforce security best practices across authentication, input validation, and sensitive operations.

Port existing Semgrep security rules to new target languages with applicability analysis and test-driven validation.

Decode compiled binaries using x86-64, ARM64, and ARM32 assembly patterns with calling conventions, control flow, and function structure recognition.

Scan source code across 7 languages for injection, secrets, and framework vulnerabilities using Bandit, ESLint, Semgrep with triage workflow.

Systematically discover exposed services, vulnerable systems, and IoT devices using Shodan's API, CLI, and search filters during authorized penetration testing.

Verify blockchain code implements exact specification requirements by comparing against whitepapers and design documents with evidence-based gap analysis.

Analyzes smart contract codebases against Trail of Bits best practices, generating documentation and security recommendations.

Implement Django authentication, authorization, CSRF protection, and secure production configurations

Reference 100+ critical web vulnerabilities organized by category with root causes, impacts, and specific mitigations for systematic security testing.

Find similar vulnerabilities across codebases using pattern-based analysis with ripgrep, Semgrep, and CodeQL after identifying an initial issue.

Extract and search HTTP traffic, headers, and audit findings from Burp Suite project files using regex patterns and targeted filters.

Implement authentication, authorization, CSRF protection, validation, and secure deployment in Laravel applications.

Implement authentication, authorization, CSRF protection, input validation, and secure deployment for Laravel applications.

Scan Substrate/FRAME pallets for 7 critical vulnerabilities: arithmetic overflow, panic DoS, weight miscalculation, unsafe storage writes, unsigned validation gaps, bad randomness, and origin checks.

Quantify security risks in dollars, build compliance roadmaps, and architect zero-trust strategies for growth companies.

Perform risk-focused security analysis of code changes with blast radius calculation, test coverage assessment, and comprehensive markdown reports.

Monitor and analyze ransomware group data leak sites to extract threat intelligence on victim patterns, group tactics, and sector-specific risk.

Create production-quality Semgrep rules for detecting security vulnerabilities and code patterns with mandatory testing and validation.

Measure code coverage during fuzzing to assess harness effectiveness and identify fuzzing blockers.

Scan Claude Code configurations for security vulnerabilities, misconfigurations, and injection risks.

Run parallel Semgrep static analysis with automatic language detection, Pro support, and merged SARIF output.

Configure and deploy AddressSanitizer to detect buffer overflows and memory corruption bugs during C/C++ fuzzing campaigns.

Validate cryptographic implementations against Google's test vectors for known attacks and edge cases.

Scans TON smart contracts for critical security vulnerabilities in FunC code including sender validation, integer overflow, and gas handling issues.

Scans Cosmos SDK blockchains for 9 consensus-critical vulnerabilities including non-determinism and rounding errors.

Build custom fuzzers using modular LibAFL library for advanced security testing.

Identify dependencies at heightened risk of exploitation or takeover by analyzing supply chain attack surface.

Execute ISO 27001 internal/external audits with risk-based scheduling, control assessment, nonconformity classification, and certification support workflows.

Review Bitcoin Lightning Network protocol designs, compare channel factory approaches, and analyze Layer 2 scaling tradeoffs with expert-level depth.

Design cryptographic identity, authentication, and trust verification systems for autonomous multi-agent environments with zero-trust architecture.

Identifies footgun APIs, dangerous defaults, and security-misuse designs that enable developer mistakes.

Execute systematic AWS penetration tests covering IAM enumeration, privilege escalation, metadata exploitation, and persistence techniques for red team assessments.

Identify and exploit file path traversal vulnerabilities to read arbitrary server files including credentials and source code.

Perform systematic offensive security testing to discover vulnerabilities through authorized penetration testing and vulnerability assessments.

Parse, filter, deduplicate, and convert static analysis results from SARIF files into actionable security findings.

Conduct threat modeling, vulnerability analysis, secure architecture design, and penetration testing using STRIDE methodology.

Secure Claude API integrations with key management, prompt injection defense, and output validation techniques.

Execute advanced web fuzzing for penetration testing using FFUF with multi-wordlist modes, authenticated requests, and intelligent filtering.

Execute systematic fuzzing attacks on REST, SOAP, and GraphQL APIs to discover vulnerabilities including IDOR, authentication bypass, and injection flaws.

Activate destructive command warnings and directory-scoped edit restrictions for maximum safety.

Audit GitHub Actions workflows for security vulnerabilities in AI agent integrations by detecting attack vectors where attacker-controlled input reaches CI/CD-deployed agents.

Implement authentication, authorization, input validation, rate limiting, and OWASP API Top 10 protections for REST, GraphQL, and WebSocket APIs.

Audit GitHub Actions workflows for prompt injection vulnerabilities in AI agent integrations using static analysis.

Audit AI-generated or rapidly iterated code for structural flaws, security risks, and production readiness across seven dimensions.

Create, manage, and perform cryptographic operations on keys stored in Azure Key Vault using Rust SDK with complete code examples.

Systematically investigate Django authorization implementations to find IDOR and access control vulnerabilities through code tracing and ownership model analysis.

Authenticate and manage secrets in Azure Key Vault using Rust SDK with get, set, delete, and version control operations.

Patch code with conditional compilation to overcome checksums, global state, and validation barriers during fuzzing.