Penetration Tester · CHECK Team Member

RootSec

Built on curiosity. Driven by compromise.

$ whoami

Jonathan — penetration tester specializing in web application security, phishing campaigns, and internal network testing.

Web AppsPhishingInternal TestingSAP SecurityRed Team

terminal — r00tsec@sh:~#

Recent Writingall posts →

Apr 08, 2026

PhishingGoPhish

PhishCraft: Redirectors, OPSEC, and Evasion

Building redirectors to protect infrastructure, handle Safe Links and automated scanning, and separate legitimate user traffic from analysis systems using IP, header, and parameter filtering.

Apr 08, 2026

PhishingGoPhish

PhishCraft: Ticket to the PhishingClub

Exploring PhishingClub as a unified platform that replaces the GoPhish and Evilginx stack, combining infrastructure, campaigns, and session capture into one integrated phishing framework.

Apr 08, 2026

PhishingGoPhish

PhishCraft: AiTM and Session Hijacking

Introducing AiTM phishing with Evilginx to bypass MFA protections, capture authenticated sessions, and understand the limitations of traditional credential harvesting in modern environments.

Apr 08, 2026