Skip to content
View regaan's full-sized avatar

Organizations

@rothackers

Block or report regaan

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
regaan/README.md

~/regaan_

Security Researcher and Offensive Security Engineer building open-source frameworks for AI/LLM security, protocol analysis, reverse engineering, protocol fuzzing, and stateful application testing.

My work focuses on designing offensive tooling, reproducible security research platforms, and implementation-driven research for modern software and AI systems.

πŸ“ Chennai, India


Research Interests

  • AI & LLM Security
  • Offensive Security Engineering
  • Stateful Application Security
  • WebSocket & Protocol Security
  • Coverage-Guided Fuzzing
  • Reverse Engineering
  • Exploit Development
  • Adversarial Machine Learning

Flagship Open Source Projects

Basilisk

Evolutionary AI Red Teaming Framework for systematic security evaluation of Large Language Models.

Highlights

  • Evolutionary prompt mutation
  • Genetic algorithms
  • Differential model testing
  • OWASP LLM Top 10 attack modules
  • Behavioral clustering
  • Multi-model evaluation

WSHawk

Stateful WebSocket Security Assessment Platform for modern realtime applications.

Highlights

  • Stateful replay engine
  • Identity-aware testing
  • Browser-assisted validation
  • WebSocket interception
  • Race condition analysis
  • Authorization testing
  • Evidence generation

ProtoCrash

Coverage-guided protocol fuzzing framework for binary and custom protocols.

Highlights

  • Grammar-aware mutation
  • Distributed fuzzing
  • Coverage-guided execution
  • Crash triage
  • Corpus management
  • Protocol parser framework

Rothalyx

Cross-platform reverse engineering framework for binary analysis.

Highlights

  • Static analysis
  • CFG recovery
  • Intermediate Representation
  • SSA
  • Native decompiler
  • Embedded debugger
  • Plugin SDK

Other Projects

  • PoCSmith β€” AI-assisted Proof-of-Concept generation
  • LockRoot β€” Secure credential vault
  • SQL Tamper Framework β€” Intelligent SQL payload transformation
  • Keikaku β€” Custom interpreted runtime
  • RedLang β€” LLVM-based systems programming language

Selected Publications

Basilisk

SSRN

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=6373439

DOI

https://doi.org/10.2139/ssrn.6373439

Zenodo

https://doi.org/10.5281/zenodo.18909538

Citation

Regaan R. Basilisk: An Evolutionary AI Red-Teaming Framework for Systematic Security Evaluation of Large Language Models. SSRN Electronic Journal. 2026.

@article{regaan2026basilisk,
  title={Basilisk: An Evolutionary AI Red-Teaming Framework for Systematic Security Evaluation of Large Language Models},
  author={Regaan, R},
  journal={SSRN Electronic Journal},
  year={2026},
  doi={10.2139/ssrn.6373439}
}

WSHawk

Figshare

https://figshare.com/articles/preprint/WSHawk_Stateful_Security_Assessment_of_WebSocket_Applications_through_Adaptive_Payload_Mutation_and_Browser-Assisted_Validation/32955467

DOI (Figshare)

https://doi.org/10.6084/m9.figshare.32955467.v1

Zenodo

https://doi.org/10.5281/zenodo.21290858

Citation

Regaan, R. (2026). WSHawk: Stateful Security Assessment of WebSocket Applications through Adaptive Payload Mutation and Browser-Assisted Validation (Version 4.0.1). ROT Independent Security Research Lab. https://doi.org/10.5281/zenodo.21290858

@article{regaan2026wshawk,
  author = {Regaan, R},
  title = {WSHawk: Stateful Security Assessment of WebSocket Applications through Adaptive Payload Mutation and Browser-Assisted Validation},
  year = {2026},
  month = {7},
  doi = {10.6084/m9.figshare.32955467.v1},
  url = {https://figshare.com/articles/preprint/WSHawk_Stateful_Security_Assessment_of_WebSocket_Applications_through_Adaptive_Payload_Mutation_and_Browser-Assisted_Validation/32955467}
}

Technical Stack

Programming

  • Go
  • C
  • C++
  • Python
  • TypeScript

Security

  • AI & LLM Security
  • Web Security
  • WebSocket Security
  • Protocol Analysis
  • Reverse Engineering
  • Coverage-Guided Fuzzing
  • Exploit Development
  • Offensive Tooling

Systems

  • Linux Internals
  • LLVM
  • TCP/IP
  • Binary Analysis
  • Virtual Machines

Infrastructure

  • Docker
  • Redis
  • PostgreSQL
  • GitHub Actions

Artificial Intelligence

  • Adversarial Machine Learning
  • Prompt Evolution
  • Model Evaluation
  • LLM Security Testing

Engineering Principles

  • Build systems that mirror real offensive workflows.
  • Prioritize reproducibility over isolated findings.
  • Treat evidence as a first-class output.
  • Favor implementation-backed research over theoretical discussion.
  • Release practical open-source tooling for the security community.

Certifications

  • Certified Ethical Hacker (CEH)

Connect

🌐 Website

https://regaan.rothackers.com

🏒 Research Lab

https://rothackers.com

πŸ’» GitHub

https://github.com/regaan

πŸ’Ό LinkedIn

https://linkedin.com/in/regaan

𝕏 X (Twitter)

https://x.com/regaan_sec


All research is performed in authorized environments for defensive security evaluation, education, and responsible disclosure.

Pinned Loading

  1. rothackers/Rothalyx rothackers/Rothalyx Public

    Rothalyx RE FRAMEWORK is a cross-platform reverse engineering framework for binary analysis, disassembly, graph recovery, decompilation, debugging, and security research.

    C++

  2. wshawk wshawk Public

    Open source toolkit for WebSocket security testing, web application penetration testing, and stateful attack validation. It combines a CLI scanner, web dashboard, Electron desktop app, browser comp…

    Python 9 1

  3. basilisk basilisk Public

    Basilisk β€” Open-source AI red teaming framework with genetic prompt evolution. Automated LLM security testing for GPT-4, Claude, Grok, Gemini. OWASP LLM Top 10 coverage. 32 attack modules.

    Python 22 1

  4. graphql-scanner graphql-scanner Public

    Advanced GraphQL vulnerability scanner with async support, 100+ attack payloads, field fuzzing, and Burp Suite integration.

    Python 1

  5. sqlmap-tamper-collection sqlmap-tamper-collection Public

    Modern WAF bypass tamper scripts for SQLMap targeting Cloudflare, AWS WAF, and Azure WAF using 2025 evasion techniques.

    Python 12 4

  6. ProtoCrash ProtoCrash Public

    ProtoCrash is a smart mutation-based fuzzer designed to find crashes and vulnerabilities in network protocol implementations. Built with intelligent feedback-driven fuzzing techniques, it targets c…

    Python 1