▚
Read the binary, then the spec.
Documents lie about intent. Bytes don't. Before I trust a system I read what it actually does — even when that takes a weekend and a debugger.
freelance + collab — channel open
▸operator@haxurn.tech:~$ whoami
Sami.also known as Haxurn
Cybersecurity enthusiast, full-stack developer, and aspiring music producer.
addis ababa · ET age 18 stack · ts-first
◴ local · realtime
--:----
addis ababa, ethiopia·9.03° N · 38.74° E
⌗ objective · v0.1
Engineer @ Solvix Labs · building in private
38%
▸ eta · 2026-Q2building
▚ Aboutfile · about-01
/07
Hacker by day, producer by night.
I'm Sami — online I go by Haxurn. I spend most of my week reading binaries, writing TypeScript, and chasing small discoveries that make systems safer or interfaces calmer.
Joined INSA in 2023 while still in grade 9 — youngest in the room, learning security from people who'd been doing it for a decade. Picked up Python and CTFs in early 2024, then shifted to full-time TypeScript development by mid-year.
Today I'm an engineer at Solvix Labs LLC, working on a private product. On the side, I build and maintain plugins for the Better Auth ecosystem and contribute to open source.
manifesto · operator doctrinethree tenets · unsigned
◈
Exploit to understand. Ship to protect.
Offense teaches geometry the defense never sees. I keep both hats within reach — but the code I write exists to close the doors, not open them.
✦
Small discoveries, compounded.
A better null-check. A clearer error. A plugin shipped on a quiet Sunday. The work stacks. The worth of a year is the honest sum of its smallest wins.
— haxurn · addis ababa
▚ Projectsfile · projects-02
/07
Things I'm building in public.
All repossignals · intake06 indicators · liveupdated · 2026·04
- Years coding3◆since 2024
- Years on security3◆INSA · 2023→
- PRs upstream12+◆Better Auth ecosystem
- Plugins shipped4◆auth · waitlist · mw
- CTF solves80+◆web · crypto · pwn
- TS stackHono·Next◆strict mode only
▚ Craftfile · craft-03
/07
Two windows open at any given time.
The work happens in two places: a terminal hunting weak signals, and an editor turning those lessons into typed, tested code.
haxurn@tech — zsh
❯ ./recon --target acme.corpstarting asset discovery…22/tcp OpenSSH 9.6 hardened443/tcp nginx/1.25 (TLS) healthy8080/tcp debug endpoint exposed3000/tcp api gateway rate-limiteddep: CVE-2024-3094 in xz-utilscritical4 services / 1 critical finding# report: /tmp/recon-2026-04-19.json✓ done in 2.1s❯
better-middleware/session.ts
1// lib/middleware/session.ts2import { cache } from "react";3import { auth } from "@/lib/auth";4 5export const getSession = cache(async () => {6 const session = await auth.api.getSession({7 headers: headers(),8 });9 10 if (!session) return null;11 return session as Session;12});
▚ Journeyfile · journey-04
/07
A short timeline, long enough to matter.
field log · personal04 entries · classified
- 01▸ timestamp2023#2023✦entry.01
Joined INSA
Started at the Information Network Security Administration while still in grade 9. Youngest in the room, learning from people who'd been doing this for a decade.
- 02▸ timestamp2024 / early#2024-01✦entry.02
Started coding — Python + CTF
Wrote my first real scripts in Python. Went deep on CTFs and cybersecurity — reversing, crypto, binary exploitation. The work mattered more once I could automate it.
- 03▸ timestamp2024 / mid#2024-06✦entry.03
Shifted to TypeScript
Pivoted hard into development — TypeScript across the stack, React, Next.js, Hono. Started contributing to Better Auth and building plugins for its ecosystem.
- 04▸ timestamp2026 / now#2026✦entry.04
Engineer at Solvix Labs
Currently building a private product at Solvix Labs LLC. Security-minded, TypeScript end-to-end. Shipping code, not just exploiting it.
◉credentials · sealed05 endorsements · verified
INSA
Information Network Security · analyst
since 2023 · grade 9 entry
Solvix Labs LLC
Engineer · private product
2026 → now
Better Auth
Core contributor · plugins
12+ PRs upstream
Capture the Flag
Web · crypto · pwn
80+ solves
Open Source
Author · 4 plugins
auth · waitlist · mw · MIT
— countersigned · haxurnrev · 2026.04
▚ Skillsfile · skills-05
/07
What I work with day-to-day.
◢module · 01
05 itemsCybersecurity
// Day job.
- Web penetration testing[90]
- Web security[85]
- Cryptography[75]
- Reverse engineering[70]
- Binary exploitation[60]
◤module · 02
07 itemsProgramming
// Daily driver.
- TypeScript / JavaScript[92]
- Python[90]
- React / Next.js[88]
- HTML / CSS[80]
- Hono[75]
- Bash[70]
- C / C++[65]
◈module · 03
03 itemsMusic production
// Still learning.
- DAW[40]
- Beat making[35]
- Sound design[25]
▚ GitHubfile · github-06
/07
Every green cell was a small win.
A year in commits. Cached for an hour, pulled live from the public profile.
▚ Contactfile · contact-07
/07
Say hi. I read everything.
Fastest way is email — I usually reply within 24–48 hours. GitHub and Instagram are open too.
transmission · channelsonline
- PRIMARYlatency · 24-48hhaxurn@gmail.com
- GITlatency · code@haxurn
- VISUALlatency · rare@haxurn
- DIRECTlatency · invite@haxurn
◉ roster · 4 nodespriority · email
transmit.exe — compose message
● rec▸ operator@haxurn:~/inbox$ compose --to=haxurn --priority=high