Who

I'm Nathan, a penetration tester, offensive security researcher, and tool author. In the security community I publish under moody (also professor-moody on GitHub). I work at the intersection of red team operations, hardware reverse engineering, and ML supply chain security.

Most of what's interesting about my work right now is the seams: target surfaces that have real attack value but no proper offensive tooling. Crucible is the first structure-aware fuzzer for ML model formats and inference infrastructure. Hemlock weaponises documents to test RAG defenses, operationalising PoisonedRAG and PhantomText into a single Go binary. Scorch is the offensive toolkit I wish existed when I first encountered Microsoft System Center Orchestrator on an engagement. Manta is academic research on weight steganography: covert channels in neural network weights and the defenses against them.

How this site works

m00dy.sh is a research notebook. Projects is the canonical index of what I'm building and researching, with both shipping tools and paper-staging investigations. Notebook is where I publish concept notes, methodology pieces, and dispatches from active work; these often become the foundation for later papers and conference submissions. Signal is a curated reading list and monthly digest of the work that's actually shaping how I think about offensive security.

Contact

Best email is professor.moody@pm.me. For coordinated disclosure on Crucible findings, route through the disclosure guide on the Crucible docs site. For Manta-related inquiries while the paper is under embargo, contact through the project repository.

Open to conference talks, guest posts, and coordinated-disclosure inquiries. For everything else, email or DM on the platforms below.