A security engineer with a passion for everything security. I build security tools and always have too many projects going on in parallel. When not glued to the screen, I do powerlifting, pick locks or I'm on some kind of adventure in the great outdoors.
Oct 05, 2018 Draw.io for threat modeling
Jun 09, 2018 Gitrob: Now in Go
Jul 21, 2017 Subdomain takeover detection with AQUATONE
Jun 18, 2017 Geolocating Miriam Steimer
Jun 17, 2017 AQUATONE: A tool for domain flyovers
Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.
AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can scan the hosts for common web ports; HTTP headers, HTML bodies and screenshots can then be gathered and consolidated into a report for easy analysis of the attack surface.
Data Flow Diagrams (DFD) and Attack Trees are common tools when performing threat modeling of systems. Unfortunately, there aren't a lot of tools out there to do this, which led me to create custom libraries for doing both DFD and Attack Trees in the free and cross-platform draw.io diagramming tool.