Jonas Resch
Security Researcher // Pentester // CS Student
Security-minded computer science student at HS Mittweida, focusing on application security and practical penetration testing. Building offensive security tools and translating findings into clear, actionable results.
About Me
I'm a B.Sc. Applied Computer Science student at the University of Applied Sciences Mittweida (Germany), currently in my 1st semester, with a strong passion for IT security.
My workflow involves running structured, reproducible security checks and translating findings into clear, actionable recommendations. I specialize in web application security and build custom tools to automate offensive security tasks.
Currently working on secure code review and automated pentesting tools, and actively contributing to vulnerability research through responsible disclosure.
IDOR, Injection, SSRF, authentication bypass, and business logic vulnerabilities in modern web applications.
Structured, reproducible security assessments with clear reporting and actionable remediation guidance.
Building automated scanners and offensive tools that make pentesting workflows faster and more thorough.
Finding and responsibly disclosing vulnerabilities, contributing to a more secure ecosystem.
Security Arsenal
Open-source offensive security tools and utilities built for real-world pentesting workflows.
EscalateX
A powerful Linux privilege escalation scanner — a feature-rich and modern alternative to LinPEAS, built for speed, depth, and clarity.
Leaktor
A blazingly fast secrets scanner with validation capabilities. Finds leaked credentials, API keys, and tokens across codebases.
FlipperZero BadUSB
Next-generation modular payload system for Flipper Zero BadUSB — advanced DuckyScript payloads with remote module loading.
HTTPipe
A pentesting tool for quickly serving a file or script over HTTP to the target machine during engagements.
QuantHide
Hide files and messages inside images with post-quantum encryption. Steganography using Kyber1024 + ChaCha20 that resists quantum attacks.
Inscribe
Fast, elegant USB imaging for Linux. A modern, open-source alternative to balenaEtcher with a clean UI and power-user controls.
Tech Stack
Languages, tools, and platforms I work with daily.
CVE Disclosures
Responsibly disclosed vulnerabilities. Each finding goes through coordinated disclosure with the affected vendor before publication.
Arbitrary File Deletion via Path Traversal in Wiki Page Update
A path traversal vulnerability in the updateWikiPage function allows authenticated users to delete arbitrary files on the server via the old_title parameter.
Latest Writeups
CTF solutions, vulnerability analyses, and technical deep-dives into security topics.
Get in Touch
Interested in collaboration, responsible disclosure, or just want to talk security? Reach out.