VirtuProbe Studio
Blog
Notes on wire-level testing, hand-rolled protocol stacks, and building a multi-protocol request workbench as an independent shop. No growth-hacking, no listicles — just the stuff we think about while making the tool.
A practical walkthrough of AS-REP Roasting and Kerberoasting at the wire: talk straight to the KDC with a hand-rolled RFC 4120 stack, pull a crackable hash in hashcat format, and chain the whole thing off an LDAP lookup. For authorised testing, labs and CTF boxes.
Read the walkthrough →
Request smuggling is one of the highest-impact web bugs and one of the most dangerous to confirm — the textbook proof traps a real user's request. How VirtuProbe finds CL.TE and TE.CL desync by timing instead, on a client that sends raw bytes, without poisoning a victim.
Read the walkthrough →
Most real tests aren't one request — they're a sequence where each step depends on the last. How the value gets from one step to the next: extractors, {{variables}} and control-flow steps, across HTTP, DNS, SMTP and LDAP in one runnable chain.
Read the walkthrough →
When a model can ship an integration in an afternoon, "write the code" stops being the bottleneck. Knowing it actually works — under load, against malformed input, on the protocol that doesn't quite follow the spec — becomes the whole job. Why the wire is the only source of truth left.
Read the essay →
A friend called VirtuProbe a "nice, semi-serious project". He meant it kindly; it stung, and it was right. The distance between a semi-serious tool and one an engineer trusts with their day isn't the feature list — it's the focus ring, the missing keyboard shortcut, the dialog that won't take your cursor. Notes on the thousand small frictions nobody screenshots.
Read the essay →
VirtuProbe started as a plugin to patch the seams of a web-security proxy that fought me the moment work spanned more than one target and more than one protocol. Here's how a nightly side project on Hack The Box turned into a standalone tool with nine hand-rolled protocol stacks — and why I stopped patching someone else's foundation.
Read the story →