Duty / @duty1g

Security Researcher · Synack Red Team · Builder of offensive & discovery tools

GitHub X / Twitter Synack Acropolis HackerOne

About

Offensive security specialist with years of hands-on testing, research and CTFs. Author of SubCat, a lightning-fast passive subdomain discovery tool used by pentesters and bug bounty hunters. I enjoy turning faint frontend clues into real backend compromise paths — and then writing up what we can learn from them.

Synack Red Team — Inductee

Tooling: Python · PureBasic · C# · Go

Focus: Web, Cloud, Windows, Discovery

Highlights

Synack Exploits Explained author

Public tooling maintainer

CTF participant

Community mentions

Skip to Projects ↓

Projects

SubCat

Lightning-fast, passive subdomain discovery with modular sources and low target impact.

Python Recon Bug Bounty

View on GitHub

PwnTato

Windows privilege-escalation research tooling and experiments.

PureBasic Windows

Repository

dty

Tiny Windows reverse shell — minimalist design for demos and labs.

PureBasic PoC

Repository

Writing & Features

Turning Frontend Clues into Backend Compromise

Synack “Exploits Explained”: how unsafe routing/eval() led to RCE, and how to prevent it.

Read on Synack

SubCat in the wild

Community posts and shout-outs about SubCat releases and usage.

Release post Medium review

Acropolis: Inductee Profile

Recognized by Synack for contributions to security research and testing.

View profile

Contact

• GitHub DMs: @duty1g
• X / Twitter: @duty_1g
• (Optional) Add email or form link here.