
extencil


I am a Brazilian cybersecurity professional, security researcher, and infrastructure builder. My work sits mostly around offensive security, penetration testing, vulnerability research, public-facing infrastructure, email systems, proxy/routing layers, automation, and abuse-resistant services.

I like systems that can be inspected. I like daemons that do one job. I like logs that explain the failure. I do not like black boxes, marketing words, fake security controls, or software that hides its own blast radius.

My work usually starts where the system meets the wire:

  • exposed applications;
  • broken authentication;
  • weak trust boundaries;
  • DNS and mail routing mistakes;
  • vulnerable upload paths;
  • badly isolated services;
  • fragile infrastructure;
  • abuse surfaces that nobody measured.

The machine always tells the truth. The job is to listen before pretending to know.

I also run these domains: 503.lat - abin.lat - ciphine.com - cobaltstrike.org - email-shield.org - extencil.me - hackerschoice.org - haltman.io - haltman.org - homoglyph.org - johntheripper.org - kerberoast.org - lockbit.io - metasploit.io - meu.bingo - mishandle.org - polkit.org - pwnd.lat - revil.org - stealth.rest - unhandle.org

PROFESSIONAL BACKGROUND

I have a few years of professional experience in cybersecurity.

I worked as part of the Red Team within the Cybersecurity division of a LATAM stock exchange, where I contributed to identifying and mitigating risks in complex systems, strengthening cyber resilience, and protecting strategic assets. I also worked at a major Level 1 Certificate Authority in LATAM, conducting penetration tests in critical environments, building automation to improve security operations, and managing endpoint and detection tooling such as UEMS, endpoint privilege management platforms, and XDR systems.

I am part of The Hacker’s Choice (THC), an international hacker collective founded in 1995, where I maintain a volunteer infrastructure initiative. I also lead the technical implementation of Haltman.IO projects.

CURRENT FOCUS

I currently focus on offensive security and resilient infrastructure.

| Area | What I do |
|---|---|
| Offensive Security | External pentest, web/API testing, exploitation, validation, retest, adversary simulation. |
| Red Team | Attack path analysis, MITRE ATT&CK based simulations, detection validation, Purple Team exercises. |
| Vulnerability Research | Bug discovery, impact analysis, proof-of-concept writing, disclosure, mitigation notes. |
| Infrastructure Security | Linux servers, DNS/TLS, Caddy, Postfix, Dovecot, OpenDKIM, MariaDB, Redis, hardening. |
| Mail Infrastructure | Alias routing, forwarding flows, SPF/DKIM/DMARC alignment, abuse controls, queue behavior. |
| Automation | Scripts and tooling to reduce manual operator work, validate fixes, and keep systems measurable. |
| Open Source | Tools and infrastructure that can be audited, forked, broken, fixed, and reused. |

TECHNICAL WORK

mail.thc.org

I maintain and operate an open-source mail forwarding stack focused on privacy-oriented aliases, transparent infrastructure, and abuse-aware controls.

The stack handles alias routing across dozens of domains and is connected with historical hacker/security communities such as The Hacker’s Choice, Phrack, Team-TESO, Eurocompton, AntiSec, and Segfault.

The goal is simple: mail forwarding without freemium theater, opaque limits, or fake privacy claims.

Main components:

Postfix
Dovecot
PostSRSd
MariaDB
OpenDKIM
NestJS
Redis
Next.js
Caddy

The stack is built around observable behavior: DNS checks, forwarding state, alias lifecycle, ban logic, handle reservation, DKIM alignment, and failure modes that can be understood without reading a vendor brochure.

rtc2tcp

rtc2tcp is a Go tool for tunneling arbitrary TCP ports over WebRTC DataChannels with end-to-end encryption.

It is built for legitimate remote access, research, administration, and education. The broker introduces peers. Payload bytes stay outside the broker.

Use case:

local tcp service

encrypted WebRTC DataChannel

remote peer

tcp socket

No exposed inbound port. No VPN account ceremony. No magic. Just a tunnel, a broker, and clear trust boundaries.

AGMH

AGMH means Anti GitHub & Microsoft Hysteria.

It is a Python tool for local backup and cross-forge mirroring of Git repositories. The idea is to avoid having a single forge, company, or policy mistake become the point where the work disappears.

Supported targets include:

  • GitHub
  • GitLab
  • Forgejo / Gitea
  • Codeberg
  • Bitbucket
  • SourceHut
  • compatible Git remotes

ip-thc

ip-thc is a Go tool for public intelligence collection at scale.

It works around reverse DNS, subdomain enumeration, CNAME relationship discovery, and other pieces of exposed infrastructure metadata.

SECURITY RESEARCH

I do responsible security research across public and private programs.

Some reports are public. Some are confidential. Some are buried in vendor inboxes, old acknowledgements, changelogs, or Hall of Fame pages. That is normal. Disclosure is not always clean. The bug either existed or it did not.

CVE

| ID | Target | Impact |
|---|---|---|
| CVE-2024-44849 | Qualitor ITSM | Critical Remote Code Execution via arbitrary file upload in checkAcesso.php |

References:

Selected acknowledgements and reports

| Year | Target / Program | Notes |
|---|---|---|
| 2026 | Cloudflare | Email Flooding/Abuse through Cloudflare's SMTP |
| 2026 | iq.thc.org | Hall of Fame |
| 2026 | dns2tcp-gateway | Hall of Fame / patch reference |
| 2025 | Klarna | HackerOne / Hall of Fame |
| 2024 | NASA | Confidential report |
| 2024 | Qualitor | CVE-2024-44849 |
| 2023 | segfault.net | Hall of Fame / changelog acknowledgement |
| 2021 | LinkedIn | SMTP abuse path / spam delivery behavior |
| 2021 | Brazilian Army enlistment portal | Session takeover on Gov.br-connected accounts |
| 2021 | ENEM / INEP | Source disclosure and unauthenticated pivots |
| Multiple | OpenBugBounty | Quality badge and public reports |

HOW I THINK ABOUT SECURITY

Security is not a checkbox. It is not a deck. It is not a dashboard with green squares.

It is behavior under pressure.

A system is only as honest as its failure mode. If the logs lie, the operator is blind. If the queue grows without backpressure, the service is already asking to be abused. If trust boundaries are implicit, they do not exist. If a security control cannot explain what it blocked, it is mostly decoration.

My default questions are mechanical:

What receives input?
Who trusts it?
Where is it parsed?
What changes state?
What crosses a boundary?
What gets logged?
What fails open?
What can be replayed?
What can be flooded?
What does the attacker get for free?

That is where the interesting bugs live.

STACK

Languages

  • Go
  • Python
  • JavaScript
  • TypeScript
  • Node.js

COMMUNITIES

I maintain and contribute to technical work connected with:

I care about the old internet because it had less varnish and more signal. Zines, mailing lists, changelogs, shell accounts, weird infrastructure, broken things, fixed things, and people who could explain what they touched.

That culture still matters.