jakeloai/readme.md

Jake Lo

Offensive Security Researcher & Automator

Technical Focus

Exploit-driven offensive security specialist focused on initial access, automated reconnaissance, and real-world infrastructure exposure, moving beyond compliance checklists to prioritize actionable vulnerability hunting and attack surface analysis.

  • Core Competencies: Scalable asset discovery, infrastructure mapping, automated exploitation pipelines, and supply chain security.
  • Methodology: "Glue-code" developer, synthesizing open-source tools via Bash and Python for high-fidelity reconnaissance.

2026 Red Team Initial Access Workflow

A highly efficient, automation-friendly technical reconnaissance pipeline designed for modern penetration testing and red teaming. This workflow bypasses traditional social engineering to focus exclusively on technical infrastructure, cloud environments, and application logic.

Workflow Architecture

[Target: Company Name]
   │
   ├── Phase 1: OSINT & Architectural Reconnaissance (Passive)
   │      ├── EP1: Employee Reviews & Culture Analysis
   │      ├── EP2: Job Posts & Technical Stack Disclosure
   │      └── EP3: Certificate Transparency (CT) Logs Mining
   │
   ├── Phase 2: Asset & Service Enumeration (Active)
   │      ├── EP4: Multi-Layer Recursive Subdomain Enumeration
   │      ├── EP5: Hosting Server Open Ports & Censys/Shodan Mapping
   │      └── EP6: Cloud Resources & Storage Bucket Enumeration
   │
   ├── Phase 3: Web Application & API Deep Dive (Exploitation)
   │      ├── EP7: Web Path & Parameter Fuzzing
   │      ├── EP8: API Spec & Endpoint Leakage (Swagger/GraphQL)
   │      ├── EP9: Shadow AI & Chatbot Endpoints Exploitation
   │      ├── EP10: Web JS Crawling & Static Code Analysis (SAST)
   │      └── EP11: APK Decompilation & Client-Side Reverse Engineering
   │
   └── Phase 4: Code & Supply Chain Penetration
          ├── EP12: GitHub Public Repos & Commit History Leaks
          ├── EP13: Shadow Apps & Third-Party OAuth Integration Review
          └── EP14: Internal Dependency Confusion & Public Registry Exploitation


BlackSecurity Suite

An open-source offensive security orchestration framework designed to simulate high-fidelity adversaries. The suite provides modular tools (BlackTrack, BlackDork, BlackExploit, etc.) to test organizational resilience against emerging threat vectors.


Vulnerability Research Lab

Professional security research findings, proof-of-concept exploits, and responsible vulnerability disclosure documentation.


Contact

Pinned

  1. BlackSecurity (Public)

    A modular suite for large-scale threat hunting, stealth recon, and exploit discovery.

    Language: C

  2. 2026-Red-Team-Initial-Access-Workflow (Public)

    A highly efficient, automation-friendly, and purely technical reconnaissance pipeline designed for modern penetration testing and red teaming engagements.

  3. BlackOps (Public)

    Post-access internal operations notes for red team scenarios. No tooling. No exploit code. Only operational structure after entry.