last updated 2026-06-12 · github pages · evidence index

prodsec / appsec / natsec / osint

Sean Nejad

// @allsmog · security research · offensive tooling · applied crypto

I build evidence-driven security systems: agentic SAST, CPG and symbolic-analysis infrastructure, OSINT dashboards, DFIR tooling, malware sandboxes, MCP security workflows, and proof-oriented auth.

github selected work sitemap
Sean Nejad / allsmog security research portfolio preview for ProdSec, AppSec, OSINT, DFIR, and program analysis.
case-file figure: generated security research portfolio artwork / ProdSec / AppSec / OSINT / DFIR evidence

01 / selected work

Evidence first. Tools second.

Three case-file rows anchor the portfolio: agentic AppSec, code-property-graph infrastructure, and symbolic execution. The rest of the work stays indexed below.

Cinematic dark lab visualization of Kuzushi agentic AppSec scanning, evidence traces, and source-to-sink analysis nodes.

AppSec

Kuzushi

Kuzushi is an agentic application-security scanner that maps code, hunts source-to-sink paths, triages findings, and keeps scan evidence replayable across shell, run, and scan workflows.

  • Modular scanner runtime for DAG-based security pipelines.
  • Agentic triage surfaces that reduce false-positive review load.
  • Replayable artifacts, trace output, and Rust-native operator UI.
Rust AppSec automation open repository
Cinematic dark program-analysis bench with orange code-property graph nodes, AST fragments, and dataflow layers for oxidized-joern.

Program Analysis

oxidized-joern

oxidized-joern is a Rust-first Joern fork focused on code-property-graph infrastructure, static analysis components, and security research workflows.

  • Explores Rust-first implementation paths around Joern-style analysis.
  • Keeps code-property-graph concepts visible in the portfolio.
  • Connects AppSec scanning work to lower-level program-analysis infrastructure.
Scala / Rust CPG analysis open repository
Cinematic dark symbolic-execution graph with purple constraint nodes, solver crystals, and a green solved path for klee-ng.

Symbolic Execution

klee-ng

klee-ng is a KLEE symbolic-execution fork positioned around test generation, path exploration, and vulnerability-research infrastructure.

  • Represents deeper interest in solver-backed analysis and path exploration.
  • Complements fuzzing and source-to-sink security workflows.
  • Useful portfolio signal for vulnerability research beyond web scanners.
C++ Symbolic execution open repository

02 / project index

Security systems by domain.

Filter the rest of the portfolio by the kind of problem you care about.

Cinematic dark OSINT operations table with geospatial signal arcs, event beacons, and intelligence evidence tiles for SignalTrace.
OSINT TypeScript

SignalTrace

Real-time OSINT intelligence dashboard.

osintthreat-intelligencegeospatialsituational-awareness
case file github
Cinematic dark cryptography visualization of zero-knowledge proof rings, sender-constrained tokens, and secure authentication flow for zkdpop-go.
Crypto Go

zkdpop-go

Zero-knowledge login and sender-constrained tokens in Go.

cryptographyauthenticationdpopjwt
case file github
Cinematic dark malware-analysis sandbox with sealed containment cube, red telemetry, and neutral evidence artifacts for detonate.
Malware Python

detonate

Open-source malware analysis sandbox.

malware-analysismalware-sandboxdfiryara
case file github

03 / operating style

Builder, security researcher, operator tooling person.

My best work preserves evidence, runs locally where it should, and turns noisy security data into defensible next actions.

I care about proof state, traceability, explicit scope, and tools that survive contact with real operators.

ProdSecAppSecNatSecOSINTDFIRmalware analysisapplied cryptoprogram analysis