I am an experienced penetration tester with a strong background in web-application security. I have disclosed vulnerabilities in organizations such as Microsoft, EE, TripAdvisor, The British Broadcasting Corporation, and EA.
Blue is an all-in-one (AIO) web-based reconnaissance panel covering subdomain enumeration, CMS and software detection via signatures and fingerprints, Google dorking, email harvesting, subdomain takeover scans, zone transfer checks, and more. Blue uses APIs from Shodan, Hunter.io, VirusTotal, and Spyse. Blue has a secure authentication system, automated payment and credit systems, and an automated report builder. Blue is written in Python 3 on top of the Flask framework.
ComScan spiders a given domain and scans every file it finds for comments, in the hope of finding hard-coded passwords, API keys, or other sensitive information. ComScan is written in Python 3 and makes use of many different libraries.
GitMail is a tool designed to be used during the OSINT stage of reconnaissance or for profiling in social engineering engagements. GitMail obtains email addresses of GitHub users, even when they have privacy options enabled, by scraping Git commits. GitMail is written in Python 3.
| AT&T | Hall of Fame |
| Microsoft | Hall of Fame (Apr. 2017) |

| PortSwigger | EA plugs RCE vulnerability that left gamers at risk of pwnage |
| TechCrunch | Security flaw in EA’s Origin client exposed gamers to hackers |
| The Sun | HACK ATTACK: Sims 4, Battlefield and Fifa players’ computers could be taken over by hackers |
| Gizmodo | EA Origin Users, Update Your Client Now |
| PCMag | Security Flaw Allowed Any App to Run Using EA’s Origin Client |
| BBC | Health records ‘put at risk by security bugs’ |
| ZDNet | OpenEMR security flaws could have exposed millions of patient records |
| TechCrunch | Website flaw exposed a Canadian ISP’s entire customer database |
| TechCrunch | UK phone giant EE fixes bug that let customers gift data for free |
| Gizmodo | EE Fixed a Bug That Could Have Let Hackers Gift an Unlimited Amount of Data |