Portfolio — 2026 · Brisbane, AU · AEST

Security, engineering, & mischief.

I'm Jack Stone. I build things that break things — carefully, then I write down what I learned. This site is one of them.


I spend my days making brittle things harder to break.

My focus is offensive and defensive security tooling — things that scan, deceive, protect, and analyse at the edges of what a single binary can do.

I've been circling programming and security for about six years — most of that time as a curious reader poking at things. The last three or so have been the hands-on stretch, where I actually started building and breaking the things I used to only read about.

Outside the public repos I keep a home lab: a stable of VMs I use to detonate live malware samples against commercial antivirus products — and against a detection engine of my own that isn't public yet. It's the environment where "should work" gets kicked repeatedly until it either holds up or I understand exactly why it doesn't.

The projects below are built under YurilLAB: a reconnaissance framework (Kmap), an enterprise honeypot platform (QPot), and an anonymity transport layer designed against 20 years of Tor/I2P research attacks (GPTL). Each one is meant to stand on its own and to play well with the others.

Heads up: these projects are young and I'm the only one working on them. Expect rough edges, half-finished corners, and the occasional bug that slipped past me. If you find one — or want to argue about a design choice — open an issue on the repo. That's the fastest way to get it into the fix queue.

03 active projects under YurilLAB, spanning offence and defence
10+ classes of modern anonymity-network attacks that GPTL defends against
[Diagram: Yuril ecosystem. YurilLAB open suite: Kmap (offence: recon & scanning), QPot (deception: enterprise honeypots), GPTL (anonymity: transport layer). Kmap and QPot each send a data feed to Yuril Security; GPTL is transport only. Yuril Security (private endpoint defence suite): YurilAntivirus (multi-engine AV, Go), YurilTracking (network monitor, Rust), Lockdown (hardening, Rust).]
Three open projects under YurilLAB, plus Yuril Security — a separate, private endpoint-defence suite (YurilAntivirus, YurilTracking, Lockdown) whose detection engines consume telemetry from Kmap and QPot. GPTL is a transport layer, so it intentionally doesn't feed in.

The parts of the craft I circle back to.

I'm drawn to the seam between offence and defence — the place where you can't really build one without thinking like the other. A scanner is a detector in reverse. A honeypot is an exploit chain watched from the other side of the glass. Most of what I build lives on that seam on purpose.

On a good day I'm reading a paper from 2003 about an attack I'd never heard of, finding that it still works against something shipping today, and then writing the smallest possible thing that either demonstrates it or stops it. That's the whole loop: read, try, write down what broke.

I'm also a bit of a tool nerd — I'll spend an evening sharpening a debugger workflow or a log pipeline if it means future-me spends less time squinting at output. Good tools pay back every session.

Outside the keyboard: home-lab hardware I've rebuilt more times than I should admit, write-ups from other people doing similar work, and the occasional CTF when I want a reality check on how much I still don't know.

What I reach for when the lights go red.

A rough inventory — the languages, infrastructure, research, and specs that show up again and again across the projects above. Not a complete list, just the things I'd pull off the shelf first.

Languages
  • Rust: GPTL, YurilTracking, Lockdown
  • Go: QPot, YurilAntivirus
  • C++17: Kmap core & nmap fork
  • Python: glue, analysis, quick PoCs
  • TypeScript: Svelte, dashboards, this site
  • Bash: ops & lab automation

Infrastructure
  • Docker: every service ships as a container
  • gVisor · Kata · Firecracker: QPot sandbox backends
  • ClickHouse: honeypot event store
  • SQLite: embedded state for Kmap
  • Nginx: reverse proxy, TLS edge
  • Home lab: VMs for detonating live samples

Research & reference
  • MITRE ATT&CK: tactic/technique tagging in QPot
  • NIST NVD: CVE corpus behind Kmap's cve-map
  • Tor / I2P threat lit: GPTL's defence design
  • Team Cymru: ASN + GeoIP enrichment
  • T-Pot CE: reference for honeypot deployment
  • Academic papers: usually the 2003-2015 vintage

Standards & specs
  • FIPS 140-3: crypto module validation
  • FIPS 197 (AES): symmetric primitives
  • FIPS 203 (ML-KEM): post-quantum KEM
  • RFC 7748 (X25519): classical key exchange
  • RFC 8439 (ChaCha20-Poly1305): AEAD fallback
  • RFC 1928 (SOCKS5): GPTL client transport

A handful of things I've built.

Offensive security 2026

Kmap

A fork of nmap extended with active pentesting and internet-scale reconnaissance. Adds default-credential probing (280+ built-in pairs), HTTP/S recon with 180+ high-value paths, a bundled 10,100+ CVE cross-reference database, PNG screenshots of discovered web ports, and a --net-scan pipeline that can discover, fingerprint, and catalogue services across the public IPv4 space. One binary, one SQLite file.

C++17 · SQLite · nmap fork · NPSL
01 — read the write-up →

Deception / honeypots 2026

QPot

An enterprise-grade honeypot platform built on T-Pot CE with gVisor / Kata / Firecracker sandboxing, per-honeypot CPU/memory/PID limits, optional ClickHouse analytics, stealth & anti-fingerprinting, auto MITRE ATT&CK classification, automated IOC extraction, TTP session analysis, alert webhooks, and native integration with the Yuril Security suite. Packaged around a single Go CLI.

Go 1.23+ · Docker · ClickHouse · MIT
02 — read the write-up →

Anonymity / networking 2026

GPTL

General Purpose Transport Layer — a next-generation anonymity network with named defences against 10 attack classes from 2005–2024 Tor/I2P/VPN research. Defences include WTF-PAD, Vanguards, RPKI-aware AS-diverse routing, Poisson-jittered timing, DoH/DoT, and a WebRTC guard, all layered under hybrid X25519 + ML-KEM-768 post-quantum key exchange. Three security levels (standard / enhanced / maximum) via the gptl CLI. Crypto is FIPS 140-3 through aws-lc-rs.

Rust 1.75+ · aws-lc-rs (FIPS 140-3) · ML-KEM-768 · MIT / Apache-2.0
03 — read the write-up →

Say hello. (Carefully.)

open to collab · open to work · Brisbane · AEST

Best places to find me are GitHub and Discord. I'm happy to hear from people who want to collaborate, work together, or compare notes on something weird — whether that's a contract gig, a research idea, a CTF team, or just a bug report on one of the projects above.

GitHub: YurilLAB (issues, PRs, discussions on any of the repos above)