Patrick Double

I work in offensive security, with a focus on web applications, APIs, LLM, ML, secure code review, and security tooling. I develop practical tools and automation to improve testing efficiency. Here you’ll find my projects, research, and ramblings.

Posts

  • LLM Tool Batching

    I discovered, while working on Cyber-AutoAgent-ng, that LLMs perform better invoking tools with arguments as a batch rather than instructing the LLM to loop over data to make tool calls.

  • Cyber-AutoAgent-ng: openai/gpt-oss-20b vs. ginandjuice.shop

    This is a report generated by Cyber-AutoAgent-ng 0.8.0 and openai/gpt-oss-20b. Although this model may be run locally, for speed I’ve used NVIDIA NIM. I have run into tool calling errors running gpt-oss-20b on NVIDIA NIM vs. locally. For a 20b model, gpt-oss does a good job locally.

  • Cyber-AutoAgent-ng 0.8.0

    Cyber-AutoAgent-ng 0.8.0 is available. This is a big change with much improved coverage and performance optimizations.

  • Cyber-AutoAgent-ng: moonshotai/kimi-k2.5 vs. ginandjuice.shop

    I’m doing final testing of Cyber-AutoAgent-ng 0.8.0. The biggest change is the task system that facilitates large coverage of the target regardless of the context size. Here are the key parameters for this run.

  • Capturing Terminal Output to Video

    My terminal recording tool of choice is asciinema. You can use asciinema to publish your recordings. For those more interested in controlling their content (like me), I’ll show how to create MP4 videos with open source tools.

  • Cyber-AutoAgent-ng Memory Refactor Needed

    While testing the task system I found incorrect assumptions about how mem0 works. For plans and tasks it is being used as a NoSQL database and it is not. For findings it seems fine, although the stated benefit and use case of mem0 isn’t being leveraged.

  • GitHub Actions: Delete untagged images

    TIL of a GitHub action that deletes untagged images from the container registry. Using CI workflows you can end up with a lot of untagged images in your registry. Here is a snippet of how to clean those up after a successful build.

  • Docker Multiple Platform Builds: Go and Cargo

    Docker lets you build for multiple platforms (i.e. amd64 and arm64) in the same build process and publish a multi-platform build. Generally this requires an emulator in the docker process, like qemu, which isn’t difficult to do. However, some things will not compile correctly and are better done with cross compiling. For example: Go and Rust.

  • Cyber-AutoAgent-ng

    The latest open source project I’ve been working on is a fork of the archived Cyber-AutoAgent. It is an offensive security agent with broad reasoning and goals at the top-level with pluggable modules specifying more narrow targets. My fork is at https://github.com/double16/Cyber-AutoAgent-ng.

  • BloodHound Ephemeral Docker Container

    If you use BloodHound, I maintain an ephemeral docker image that runs with Kasm or standalone. (I enjoy Kasm for many reasons, check it out sometime.) It has a quicker start-up time because I let the database initialize at build time rather than runtime.

  • Wild West Hackin' Fest 2026 - Denver

    I was accepted for my first conference talk at Wild West Hackin’ Fest in Denver, CO!

  • Kasm Workspaces Offensive Toolset

    TL;DR: I am currently using Kasm Workspaces, which is a containerized solution, for my offensive security toolset. It solves a lot of problems for me. In my GitHub repo I have an Ansible playbook to install it to 99% of what I need. Others should be able to use it with little customization.

  • Dual Booting Kali and Parrot

    I recently acquired two monitors that included a laptop with them. I decided to use it as a disposable attack machine. Disposable in the sense that I can re-image it without data loss. Now, Kali or Parrot OS? I’ve been using HackTheBox pwnbox which is Parrot for a bit. How about both!

  • Creating Personas using AI

    When working bug bounties, you’re going to create users. Some of the profile information can take a minute to think up, at least for me. Now, I’ve created an AI bot to create personas for me and they are pretty good. I get a name, billing and shipping address, username, password, fake credit card, personal interests, bio, tag lines, a resume and more.

  • AI Bot for Explaining Cookies

    Artificial Intelligence (AI) gets a lot of attention. I was skeptical at first, but after using ChatGPT instead of DuckDuckGo, I was impressed. After asking it to write some code for me, I was really impressed. I recently watched Practical AI for Bounty Hunters. Wow.

  • Crawling Large Sites

    I’ve been working on bug bounties and the tools I use for crawling HackTheBox machines do not scale well for large, public sites. These are a few things I’ve learned, and my methodology will improve as time goes on.

  • HackTheBox Sau Report

    HackTheBox “Sau” Machine
    Penetration Test Report

  • HackTheBox Hospital Report

    HackTheBox “Hospital” Machine
    Penetration Test Report
