Leon Johnson
20+ years offensive security. Built tools, broke things, taught others.
github.com/sho-luv — ... repos, ... followers
Tools
| Tool | Purpose |
|---|---|
| Mr. Robot CTF | Beginner-intermediate CTF I created. 90+ community writeups over 10 years. Also on TryHackMe. |
| mavs | Mobile Application Vulnerability Scanner |
| zerologon | CVE-2020-1472 (Zerologon): check, exploit, and restore the DC machine-account password |
| mount_shares | Mount all readable CIFS shares locally for easy parsing with grep, tree, etc. |
| gpt_tools | AI-assisted pen testing and red team tools built with ChatGPT |
| React2Shell | CVE-2025-55182 toolkit - CLI, Chrome extension, Nuclei templates |
| MongoBleed | CVE-2025-14847 scanner and exploit - unauthenticated MongoDB heap memory leak |
| mass-effect | Uses Masscan to identify open ports with known exploits |
| jwtmap | JWT vulnerability mapper - like SQLMap but for JSON Web Tokens |
| Serpico | Pen test report writing tool (code contributor) |
CVEs
| CVE | Severity (CVSS v3 vector) | Product | Description |
|---|---|---|---|
| CVE-2026-28279 | High (8.4) AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H | osctrl < 0.5.0 | OS command injection in osctrl-admin (GHSA-rchw-322g-f7rm). An authenticated admin injects shell commands via the hostname parameter in the environment configuration. The commands are embedded into enrollment scripts through Go's text/template and execute as root/SYSTEM on every enrolling endpoint before osquery is installed. CWE-78. Co-discovered with Kwangyun Keum @ TikTok USDS Offensive Privacy Team. |
| CVE-2026-28280 | High (8.7) AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N | osctrl < 0.5.0 | Stored XSS in the osctrl-admin on-demand query list (GHSA-4rv8-5cmm-2r22). A low-privilege user with query permissions injects JavaScript via the query parameter. The payload persists and executes in the browser of any user viewing the query list, including admins. Chainable with CSRF token extraction for privilege escalation and full platform compromise. CWE-79. Co-discovered with Kwangyun Keum @ TikTok USDS Offensive Privacy Team. |
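Both advisories share one root cause: a value that one user controls is rendered into another language (a shell script for CWE-78, an HTML page for CWE-79) by Go's text/template, which performs no escaping. The block below is an added illustration of that pattern and its fix; it is not osctrl's code. The template text, the envConfig type, the function names and the sample inputs are all constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	htmltemplate "html/template"
	"regexp"
	"text/template"
)

// envConfig stands in for the environment record an admin edits; only Hostname matters here.
type envConfig struct {
	Hostname string
}

// Constructed enrollment-script template (not osctrl's). text/template performs no
// escaping, so whatever .Hostname holds is copied into the script byte for byte.
var enrollT = template.Must(template.New("enroll").Parse(`#!/bin/sh
OSCTRL_HOST={{.Hostname}}
curl -s "https://${OSCTRL_HOST}/enroll" | sh
`))

// renderEnrollUnsafe is the CWE-78 pattern: the admin-supplied hostname is trusted.
// A hostname of "osctrl.example.com; id" yields the script line
// "OSCTRL_HOST=osctrl.example.com; id", which every enrolling endpoint runs as root/SYSTEM.
func renderEnrollUnsafe(cfg envConfig) (string, error) {
	var buf bytes.Buffer
	if err := enrollT.Execute(&buf, cfg); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// hostnameRe accepts an RFC 1123 hostname: dot-separated labels of letters, digits and
// interior hyphens, each at most 63 characters. Nothing the shell interprets can match
// (no ';', '$', '`', quotes, whitespace or newlines).
var hostnameRe = regexp.MustCompile(
	`^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$`)

func validHostname(h string) bool {
	return len(h) <= 253 && hostnameRe.MatchString(h)
}

// renderEnrollSafe is the fix: allow-list the value before it reaches the template.
// Shell quoting alone is fragile here because the script runs as root on every new
// endpoint; rejecting anything that is not hostname syntax removes the injection entirely.
func renderEnrollSafe(cfg envConfig) (string, error) {
	if !validHostname(cfg.Hostname) {
		return "", fmt.Errorf("hostname %q is not a valid RFC 1123 hostname", cfg.Hostname)
	}
	return renderEnrollUnsafe(cfg)
}

// The CWE-79 half: the same engine rendering a stored query into an HTML table cell.
const queryCellTmpl = `<td>{{.}}</td>`

var queryCellText = template.Must(template.New("cell").Parse(queryCellTmpl))
var queryCellHTML = htmltemplate.Must(htmltemplate.New("cell").Parse(queryCellTmpl))

// renderQueryCellUnsafe uses text/template: a query containing <script> is emitted
// verbatim and executes in the browser of anyone who views the list.
func renderQueryCellUnsafe(query string) string {
	var buf bytes.Buffer
	_ = queryCellText.Execute(&buf, query)
	return buf.String()
}

// renderQueryCellSafe uses html/template, which escapes for the HTML text context
// automatically (< and > become &lt; and &gt;).
func renderQueryCellSafe(query string) string {
	var buf bytes.Buffer
	_ = queryCellHTML.Execute(&buf, query)
	return buf.String()
}

func main() {
	hostile := envConfig{Hostname: "osctrl.example.com; id"} // constructed injection input
	unsafeOut, _ := renderEnrollUnsafe(hostile)
	fmt.Print(unsafeOut)
	if _, err := renderEnrollSafe(hostile); err != nil {
		fmt.Println("rejected:", err)
	}
	xss := "<script>alert(1)</script>" // constructed stored-XSS input
	fmt.Println(renderQueryCellUnsafe(xss))
	fmt.Println(renderQueryCellSafe(xss))
}
```

The two fixes differ deliberately. For the enrollment script the value is an identifier with a known grammar, so validation against that grammar is the right control. For the query list the value is free text that must be displayed, so the control is context-aware output encoding, which html/template supplies for free once text/template is swapped out.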
Podcasts
| Year | Episode | Source |
|---|---|---|
| 2026 | Software Supply Chains Under Pressure: Malware & AI | Xygeni SafeDev Talk |
| 2025 | Open Source, AI & The New Attack Surface | Xygeni SafeDev Talk |
| 2025 | Ep 127: I Am Your Permission | Layer 8 Podcast |
| 2020 | Ep 29: Social Engineers from Rapid7 | Layer 8 Podcast |
| 2018 | Ep 85: Supply Chain Attacks & Hacking Diversity | Security Ledger |
| 2017 | Under The Hoodie - Picked Off on the Kickoff | Rapid7 |
| 2017 | Ep 5: Pentest Fails | Hillbilly Storytime |
Talks
| Year | Talk | Event |
|---|---|---|
| 2023 | Security is everyone's responsibility | Cengage |
| 2023 | Hacking Ze Old World | |
| 2023 | YearUp | YearUp |
| 2020 | Zerologon | |
| 2020 | Okta SWA Hacking | |
| 2020 | I Haz Phishing Skillz | |
| 2020 | Security is everyone's responsibility | DotDash |
| 2020 | Most Fascinating Hacks 2019-2020 (Panel) | NVTC Capital Cybersecurity Summit |
| 2018 | Hacking Ze World | |
| 2017 | Ten Attacks That Always Work Sometimes | Rapid7 UNITED Summit |
| 2017 | Notify.py | |
| 2017 | Booth Talks | RSA Conference |
| 2015 | Security Death Match: Pen Tester vs Incident Responder | Rapid7 United Summit |
| 2014 | The Heartbleed Bug and Demo | |
| 2014 | Mac Attacks | |
| 2014 | Know Your Enemy: Hackers Versus Executives | Forrester Forums (Orlando & London) |
| 2012 | Windows Domain Compromise | Security BSides |
| 2012 | BSides getting paid I love what I do! | Security BSides |
| 2012 | Security BSides Talk | Security BSides |
| 2012 | Error-based SQL Injection | |
Experience
| Years | Role | Company |
|---|---|---|
| 2024-present | Offensive Privacy Lead | TikTok |
| 2023-2024 | AI Security Researcher | RunSybil |
| 2011-2023 | Principal Security Consultant | Rapid7 |
| 2007-2010 | Senior Security Consultant | Texas DIR |
| 2004-2007 | Information Security Analyst | CIAS/UTSA |
Certifications
OSCP (Active) | NSA IAM/IEM (Active) | CISSP (Inactive) | CEH (Inactive)
Contact
For Fun
Leon's Resume Podcast - AI-generated podcast about my resume