Cookie Engineer's Avatar
Hello, I'm Cookie Engineer,
probably a Mad Engineer with AI, NetSec, WebSec, and OSINT experience.

BTW my web log's over at /weblog
GitHub GitLab LinkedIn

Hello, fr1end.

I am Cookie Engineer (also known as 🍪🔧), and I'd like to welcome you to my website. This website mostly contains a curated list of my work and stuff I've built over the years but there may be those projects missing that were classified and I'm not allowed to publicly speak about.

My background has always been Web Technologies, Open Source, Artificial Intelligence (not only Machine Learning), and the creation of automated Self-Adapting Systems of all kinds. I solve problems by teaching machines how to solve it and I'm good at creating the Software Architecture behind it to make it possible.

I also create a lot of personal tools to automate my workflows. A huge part of my written software is Open Source, except the ones that are under NDA or were classified by my customers and contract partners (obviously). But I do believe in Open Source, just as I believe in the Robot Overlords.
Wanna pwn my machines? Then do not take a glance at my dotfiles and my dotvim repositories. It's strictly forbidden.

There's also a little hacking challenge hidden in this website. It's Open Source on GitHub and GitLab, too, in case you want to know how things work.

Enjoy your stay.

Cyber Defense/Security Work

My personal offered services include being an AI Engineer, Cyber/Web Analyst or IT-Security Consultant due to my specialization in Cyber Defense, Cyber Intelligence and the autonomous code generation parts behind Network Simulation environments.

Whenever I have enough time to spare I'm trying to automate the Web of Knowledge with my Project called the Tholian Network, which aims to automate the Semantic Web whilst using a unique distributed peer-to-peer Network Architecture combined with (co-)evolutionary adaptive AI methodologies and compositional game theory ideas to learn and adapt from user interactions with the Web.

Nevertheless my Areas of Work seem a bit random, as I'm fascinated by unusual problems that need automated Non-Human solutions. If you have interesting problems that need more efficient solving, don't hesitate to contact me.


Network Security

I have a huge depth in the knowledge of network protocols, their implementations and specification quirks that could lead to potential attack vectors.

This includes strong knowledge in network protocols such as TCP, UDP, MQTT, ICMP, SNMP, SOCKS, TLS and all protocols related to the Web such as HTTP/S, SPDY, QUIC, DNS, DNS over HTTPS, DNS over TLS, DNS-based Service Discovery, WebRTC and WS13.

Most of my open source software is peer-to-peer, meaning they use NAT traversal and NAT breaking techniques to find other local and global peers. Those techniques are similar to how malware often works, as most of them use DNS Exfiltration, Multicast and Relaying, and even PWNAT- or ICMP-spoofed attacks to contact their CNCs once they successfully infiltrated a device.

Network Analysis

My previous employments included building up Blueteams in the Cyber Defense space, wherein AI-based IDSes were being built, trained, and used in order to gain a strategical advantage on the Blueteam side.

My experience helped me to create a deep understanding of how to build trainable automated network security systems that can learn from traffic fingerprinting and the behaviour of networked nodes and their communications.

My work with co-evolutionary systems like backpropagated ES/HyperNEAT gives me the knowledge to create virtual simulations and pentesting scenarios that can be easily replicated and adapt to new infiltration targets.

Additionally those virtual environments usually are multi-agent simulations of vast network topologies and reuse existing PCAP files or streams from previous attack scenarios to train the CPPNs more efficiently.

Network Forensics

My past employers include varying Cyber Defense contractors for both the military and other big organizations. In my time there I've learned a lot about the God's Eye view of Internet Service Providers, and how they achieve large-scale observations and correlations of encrypted network connections.

In the past I also led the development of a large-scale co-evolutionary network forensics framework that analyzed, classified and verified correlations of networked data streams across the Clearnet, and in some cases including the Darknet (aka TOR or I2P).

Web Intelligence

First getting online at the age of 10, I spent most of my time learning things online. I see the Web as the knowledge of humanity at your fingertips.

Over the past years many of my projects were indirectly trying to automate the OSINT methodologies that still need human interaction to acquire information online, such as the Research and Stealth Browser projects.

My unique perspective with the usage of co-evolutionary AI systems allows me to build self-automating and self-adapting systems that help to exceed the frontiers of what you can do with the Knowledge on the Web.


Stealth Browser

GitHub GitLab

Stealth is an automateable Web Browser that focusses on increased Privacy, increased Automation, adaptive Semantic Understanding and efficient Bandwidth Usage, no matter the cost.

Stealth's Design Goals try to embrace the Automation of User Interaction wherever possible, so that users can focus on the important tasks while their Web Browser helps them to automate repetitive tasks that would consume time unnecessarily. As everything is on the Web, everything can be automated.

Its unique concept allows to automate and share Beacones (Site Adapters) and Echoes (Site Workflows) with other local Peers in the same Network - or global Peers connected to Radar, so that once a User automated a workflow for a specific Website others can simply reuse it, modify it or share it with their trusted Peers.

Radar Tracker

GitHub GitLab

Radar is a peer-to-peer Knowledge Tracker that allows to learn from a Network of connected Stealth Browsers, while helping its Users to discover Knowledge, related Articles, the History of Changes, Author Biases or more advanced Automation Features.

It integrates nicely with Beacons (Site Adapters) to automate the extraction of Knowledge, and Echoes (Site Workflows) to automate User Interactions with websites in a programmable, repeatable and scheduled manner.

Recon Forensics

GitHub GitLab

Recon is a Network Forensics App that acts both passive and active inside a Network, and tries to analyze observed Network Traffic incrementally to gain Intelligence about malicious actors or potentially vulnerable Targets.

Its Classifiers use AI techniques to have the capability to identify Network Traffic and to generate crafted payloads to scan remote services for vulnerable behaviours; while trying to show a list of related CVEs that the vulnerable Target should be checked against.

The design as a Web App for Linux is intended, so that it is deployable on Open Source smartphones; such as the Pine64 Pinephone or the Purism Librem 5. Additionally the background service allows to remotely deploy multiple instances, and gather intelligence about a Network's traffic behaviour remotely through SSH or other tunneling means.


Neuroevolutionary Decision Making

 - Frankfurt Data Science Meetup

GitHub GitLab YouTube
Screenshot of the Talk on YouTube

Talk Language: English

This talk is an in-depth talk into NEAT, the Neuro Evolution of Augmenting Topologies, a concept that allows to use the advantages of evolution and combines them with a process to discover how neural networks should be structured in order to solve a given problem.

ANN Guide

 - FrankfurtJS

GitHub GitLab YouTube
Screenshot of the Talk on YouTube

Talk Language: English

This talk focusses on Adaptive Neural Networks and their advantages or disadvantages in comparison with other Neural Network architectures. Additionally, it explains common (co-)evolutionary concepts, such as NEAT, HyperNEAT and ES/HyperNEAT from an architectural perspective.

JavaScript Level 9000

 - JSConf EU

GitHub GitLab YouTube
Screenshot of the Talk on YouTube

Talk Language: English

This talk focusses on the inner workings of a JIT compiler and how it tries to optimize JavaScript (ECMAScript) code inside the V8 VM. The talk contains examples across all data types and explains how they are handled by the Garbage Collector with its object instance and object lifetime tracing algorithms. Additionally it explains the structure of the Garbage Collection Tree and its horizontal and vertical dimensions by explaining how Callsite Analysis algorithms work.

High Performance JavaScript

 - KarlsruheJS

GitHub GitLab YouTube
Screenshot of the Talk on YouTube

Talk Language: German

This talk contains everything a developer needs to know in order to build blazing-fast and performant JavaScript-based applications. It also explains inner workings of Hidden Classes in V8, and how the Garbage Collector and JIT optimizer potentially (de-)optimizes the code.

Cross-Platform Games with lychee.js

 - onGameStart

Screenshot of the Talk on Vimeo

Talk Language: English

This talk explains the prototype of the lychee.js Library in order to evaluate how to port a Game Engine and its data structures via Bindings to the native OpenGL or WebGL context, and how to serialize and transfer those. Additionally it demonstrates which kind of implementations are necessary to achieve this, and what kind of code architectures and patterns have to be respected in order to do so.


If you want a chit-chat you can contact me on most of the Social Networks via the pseudonym @cookiengineer. Accounts owned by me are all linked at the top in the About Me section.

If you want to work together with me in a professional manner and have challenging problems to solve, you are invited to contact me via this form here. Note that this will open up an issue on GitHub with the given contact details.

If you want to stay anonymous, use a Telegram Secret Chat or a TOX Chat instead.
Please activate ECMAScript.
Sending message ...