About me

I am an experienced penetration tester with a strong background in web-application security. I have disclosed vulnerabilities in organizations such as Microsoft, EE, TripAdvisor, The British Broadcasting Corporation, and EA.

Skills

Projects

Blue

Blue is an all-in-one web-based reconnaissance panel covering subdomain enumeration, CMS and software detection via signatures and fingerprints, Google dorking, email harvesting, subdomain takeover scans, zone transfer checks, and more. Blue uses APIs from Shodan, Hunter.io, VirusTotal, and Spyse. Blue has a secure authentication system, automated payment and credit systems, and an automated report builder. Blue is written in Python 3 on top of the Flask framework.

ComScan

ComScan spiders a given domain and scans all found files for comments in hopes of finding hard-coded passwords and API keys or other sensitive information. ComScan is written in Python 3, and makes use of many different libraries.

GitMail

GitMail is a tool designed to be used during the OSINT stage of reconnaissance or for profiling in social engineering engagements. GitMail obtains email addresses of GitHub users, even when they have privacy options enabled, by scraping Git commits. GitMail is written in Python 3.

Recognitions

AT&T Hall of Fame
Microsoft Hall of Fame (Apr. 2017)
PortSwigger: EA plugs RCE vulnerability that left gamers at risk of pwnage
TechCrunch: Security flaw in EA’s Origin client exposed gamers to hackers
The Sun: HACK ATTACK: Sims 4, Battlefield and Fifa players’ computers could be taken over by hackers
Gizmodo: EA Origin Users, Update Your Client Now
PCMag: Security Flaw Allowed Any App to Run Using EA’s Origin Client
BBC: Health records ‘put at risk by security bugs’
ZDNet: OpenEMR security flaws could have exposed millions of patient records
TechCrunch: Website flaw exposed a Canadian ISP’s entire customer database
TechCrunch: UK phone giant EE fixes bug that let customers gift data for free
Gizmodo: EE Fixed a Bug That Could Have Let Hackers Gift an Unlimited Amount of Data