Offensive Security Researcher

Billy
Istono

I break systems for a living — web apps, networks, Active Directory. Fluent in Python, JavaScript, and Golang. I write the tools when the tools don't exist.

Penetration Testing Red Team Exploit Dev Bug Bounty
Security Researcher — 2025
01

Who
I Am

"I don't just run scanners. I read the source, trace the logic, and find what automated tools are too dumb to see."

Offensive security practitioner obsessed with understanding how things break. I specialize in web application pentesting, network exploitation, and building custom tooling when off-the-shelf solutions fall short.

Python for rapid prototyping. JavaScript for knowing exactly how XSS payloads land. Golang for building fast, cross-platform tools that actually ship.

When I'm not hunting bugs, I'm studying Active Directory abuse paths, reading CVE write-ups, or grinding CTF challenges.

52+ CVEs Found
34+ Bug Bounties
3 Languages Mastered
02

What
I Do

001
Web Exploitation

XSS, SQLi, SSRF, XXE, IDOR, RCE. Finding logic flaws that scanners miss.

Burp SuiteJavaScriptOWASP
002
Network & AD

Kerberoasting, lateral movement, privilege escalation in domains.

BloodHoundImpacketCME
003
Python

Exploit PoCs, fuzzers, recon automation scripts.

ScapyPwntoolsasyncio
004
JavaScript

XSS payloads, prototype pollution, DOM exploitation.

Node.jsV8CSP Bypass
005
Golang

Fast offensive tools, scanners, C2 frameworks.

goroutinesnet/httpC2
006
OSINT & Recon

Attack surface mapping, subdomain enumeration.

ShodanAmassSubfinder
03

Selected
Work

# Project Stack
01
GhostScan
Stealth port scanner with SYN mode.
GolangNetworking
02
XSSHunter CLI
Blind XSS injector automation.
PythonWeb
03
AD-Enum
Active Directory enumeration tool.
LDAPPython
04
PhantomC2
Encrypted C2 framework.
GolangCrypto
Let's
Connect

Open for bug bounty, pentesting, or collaboration.