// identity

Bugsy Hewitt

Digital Necromancer

Bug bounty hunter — offensive security researcher

Scroll to descend

Every system has its dead

Not gone, but forgotten

Lost services and secrets

Buried in shallow graves

I make them speak

HackerOne✦Immunefi✦ Bugcrowd✦OSINT✦ Recon✦Web3✦ Smart Contracts✦Bug Bounty✦ Responsible Disclosure✦Attack Surface✦ API Security✦IDOR✦ SSRF✦XSS✦ Penetration Testing✦Vulnerability Research✦ HackerOne✦Immunefi✦ Bugcrowd✦OSINT✦ Recon✦Web3✦ Smart Contracts✦Bug Bounty✦ Responsible Disclosure✦Attack Surface✦ API Security✦IDOR✦ SSRF✦XSS✦ Penetration Testing✦Vulnerability Research✦

01 — currently raising

Grimoire

Animating what was meant to stay still.

AlienClaw

Evolvable agent infrastructure where tool-composition genomes evolve and compete, enabling group improvement leaderboards.

AgentsAI Inspect ↗

graverobber

External recon and attack-surface discovery — drags exposed assets out of unmarked graves before anyone else maps them.

ReconPython Inspect ↗

possession

Authorized exploitation framework — takes the host quietly and completely, only ever inside a signed scope.

ExploitationPython Inspect ↗

exhumed

Secret and credential extraction — disinters keys, tokens and passwords buried in code, config and commit history.

SecretsPython Inspect ↗

unearth

Subdomain and service enumeration — maps everything still breathing beneath an organisation’s surface.

EnumerationGo Inspect ↗

seance

Public-commit secret scanner — summoning secret streams and dragging leaked souls from their graves.

SecretsRecon Inspect ↗

02 — disciplines

Specialities

Three crafts, one operator.

Discipline / I

Audio / Video / Media

A full studio — sound and image, written, produced, mixed and mastered end to end.

▸Music production
▸Mixing & mastering engineering
▸Songwriting & composition
▸Audio engineering
▸Sound design & post
▸Reaper — recording & production
▸Premiere Pro — video editing
▸Photoshop — design & visual

Discipline / II

AI & Automation

Most hunters work with one set of hands. This is a fleet — autonomous agents running recon, tooling and triage in parallel.

▸Autonomous agent orchestration
▸Multi-agent pipelines at scale
▸LLM tooling & MCP server design
▸Security automation pipelines
▸AI-assisted recon & triage
▸Custom offensive tooling
▸Prompt & workflow engineering
▸Rapid prototyping — idea to shipped

Discipline / III

Offensive Security

Web and web3 targets taken apart by hand — the bugs scanners walk past. Disclosed across HackerOne and Immunefi.

▸Web application penetration testing
▸IDOR & broken access control
▸SSRF, blind SSRF & request smuggling
▸Stored & DOM-based XSS
▸Business logic flaws
▸Web3 & smart-contract attack surface
▸API security testing
▸Recon, OSINT & responsible disclosure

03 — the rig

The Loadout

Two rigs, one operator — the offensive stack that finds the bugs, and the studio that scores everything else. Curated, sharpened, mostly hand-built.

Offensive

Burp Suite Professional
Caido
Custom Grimoire suite
AI-assisted recon & triage
Manual-first methodology

Engineering & AI

Python
Claude Code
Custom MCP servers
Multi-agent orchestration
Git

Environment

III

BlackArch / Kali Linux
Neovim
tmux
Docker
Self-hosted infrastructure

Studio Software

Reaper
FabFilter
Waves
Soundtoys
Toontrack / STL Tones

Studio Hardware

Audient interface
Shure
Audio-Technica
Electro-Voice
Kali Audio monitors

Instruments

Gibson
Fender
Ibanez
Alesis keyboard
Ernie Ball

04 — the séance

Initiate Contact

Found something I should see — a target, a collaboration, a contract? The veil is thin. Reach through.

Bugsy Hewitt — Digital Necromancer USA · MMXXVI Status: Operational