$ whoami

Jonas Resch

Security Researcher // Pentester // CS Student

Security-minded computer science student at HS Mittweida, focusing on application security and practical penetration testing. Building offensive security tools and translating findings into clear, actionable results.

HackTheBox Top 200 B.Sc. Applied CS @ Mittweida Security Analyst @ HSMW

View Projects Read Writeups

Quick Stats

CVEs Published 1

HackTheBox Top 200

Open Source Tools 3+

Focus AppSec

Based in Germany

01 // About

About Me

I'm a B.Sc. Applied Computer Science student at the University of Applied Sciences Mittweida (Germany), currently in my 2nd semester, with a strong passion for IT security.

My workflow involves running structured, reproducible security checks and translating findings into clear, actionable recommendations. I specialize in web application security and build custom tools to automate offensive security tasks.

Currently working on secure code review and automated pentesting tools, and actively contributing to vulnerability research through responsible disclosure.

◆ Web Application Security

IDOR, Injection, SSRF, authentication bypass, and business logic vulnerabilities in modern web applications.

◆ Penetration Testing

Structured, reproducible security assessments with clear reporting and actionable remediation guidance.

◆ Security Tooling

Building automated scanners and offensive tools that make pentesting workflows faster and more thorough.

◆ Vulnerability Research

Finding and responsibly disclosing vulnerabilities, contributing to a more secure ecosystem.

02 // Projects

Projects

Open-source tools and utilities I've built and maintain.

Hardware Hacking

FlipperZero BadUSB

Next-generation modular payload system for Flipper Zero BadUSB — advanced DuckyScript payloads with remote module loading.

Python PowerShell

10

Secret Scanning

Leaktor

Secrets scanner built for speed. Combines pattern matching, entropy analysis, and live validation to catch leaked credentials before they hit production.

Rust CLI

5

Systems

Inscribe

Fast, elegant USB imaging for Linux. A modern, open-source alternative to balenaEtcher with a clean UI, clear progress, and power-user controls.

TypeScript Rust

4

View all repositories on GitHub

03 // Skills

Tech Stack

Languages, tools, and platforms I work with daily.

<> Languages

Python Rust Java Bash PowerShell

>> Security Tools

Burp Suite Metasploit Wireshark Nmap Hashcat Ghidra sqlmap ffuf

~/ Infrastructure

Kali Linux Docker Git Linux Admin Nginx CI/CD

** Focus Areas

Web App Pentesting Privilege Escalation API Security Code Review OSINT Reverse Engineering

04 // Vulnerability Research

CVE Disclosures

Responsibly disclosed vulnerabilities. Each finding goes through coordinated disclosure with the affected vendor before publication.

CVE-2026-24135 High — CVSS 7.5 Published

Jan 22, 2026

Arbitrary File Deletion via Path Traversal in Wiki Page Update

Path traversal vulnerability in the updateWikiPage function allows authenticated users to delete arbitrary files on the server via the old_title parameter.

Product

Gogs

Affected

<= 0.13.3

Patched

0.13.4

Language

Go

GitHub Advisory Full Writeup

05 // Research

Latest Writeups

CTF solutions, vulnerability analyses, and technical deep-dives into security topics.

View all

cve Feb 6, 2026

CVE-2026-24135: Arbitrary File Deletion in Gogs via Wiki Path Traversal

A path traversal vulnerability in Gogs' wiki update function allows authenticated users to delete arbitrary files on the server by manipulating the old_title parameter.

#cve #path-traversal #gogs #file-deletion #go #responsible-disclosure

View all writeups

06 // Contact

Get in Touch

Interested in collaboration, responsible disclosure, or just want to talk security? Reach out.