Director of Technology Services with 12+ years protecting organisations across Africa, the Middle East, and beyond. Trusted by Fortune 500 companies and global institutions.
Open-source tools published on GitHub for the cybersecurity community.
Audits FortiGate firewall configurations for security, compliance, and best practices. Automated analysis of security policies.
View on GitHubAnalyses and audits Cisco configurations for security, compliance, and best practices across network devices.
View on GitHubTool to perform baseline review against Unix operating systems as per CIS benchmark standards. Comprehensive compliance checking.
View on GitHubPython script that audits cracked credentials, checking password length, complexity, reuse, and generating colorised reports. Exports to CSV.
View on GitHubSharing knowledge on cybersecurity tools, techniques, and research.
A deep dive into auditing cracked credentials for password strength, complexity patterns, and reuse detection across enterprise environments.
Read ArticleStrengthen your Cisco network by automating configuration audits with ease. A practical guide to security compliance checking.
Read ArticleEnhancing firewall security with automated analysis of FortiGate configuration files for misconfigurations and compliance gaps.
Read ArticleAn in-depth approach to auditing Oracle E-Business Suite, covering default credentials, weak passwords, application-level tests and database security controls.
Read ArticleThe third instalment of the Shodan to RCE series, discovering and exploiting vulnerabilities in Belkin routers found exposed on the internet.
Read ArticleKey takeaways from Blackhat Europe 2017 in London, with links to slide decks, videos, and tools from briefings and demonstrations.
Read ArticleExploring how misconfigured Jenkins automation servers exposed on the internet can lead to full remote code execution.
Read ArticleExploiting the Samba remote code execution vulnerability (CVE-2017-7494), where all versions from 3.5.0 onwards were vulnerable to a malicious shared library upload attack.
Read ArticleThe second part of the Shodan to RCE series, exploiting misconfigured Dreambox digital TV set-top boxes for remote code execution.
Read ArticleHands-on walkthrough of the NSA's EternalBlue and DoublePulsar exploits using Metasploit, the tools behind the WannaCry outbreak.
Read ArticleReconnaissance and security testing techniques for Microsoft Sharepoint, using Google dorks and OWASP Top 10 vulnerability checks.
Read ArticleLeveraging MS Word documents for social engineering, capturing NTLM hashes without macros using a clever spear-phishing technique.
Read ArticleAuditing Oracle E-Business Suite from an insider threat and external attacker perspective, uncovering information disclosure in ERP systems.
Read ArticleContinuation of the lateral movement series, focusing on techniques for privilege escalation and moving through a Windows domain environment.
Read ArticleDigging into the Huawei HG8245H router configuration, analysing suspicious parameters like X_HW_MonitorCollector and external server URLs.
Read ArticleA baseline security auditing script for Linux and Unix operating systems, modelled around CIS benchmark controls that runs in under 2 minutes.
Read ArticleExploring the Huawei HG8245H home router, from default credentials to privilege escalation and full configuration extraction.
Read ArticleHow a normal domain user with no admin privileges can exploit Group Policy Preferences (GPP) passwords to become local administrator across the organisation.
Read ArticleLooking for an experienced cybersecurity consultant? With 12+ years in the field and recognition from the world's top companies, I'm ready to help.