About me

A security engineer with a passion for everything security. I build security tools and always have too many projects going on in parallel. When not glued to the screen, I do powerlifting, pick locks or I'm on some kind of adventure in the great outdoors.

Latest blog posts

My projects

Gitrob

Gitrob is a command line tool which can help organizations and security professionals find sensitive information lingering in publicly available files on GitHub. The tool will iterate over all public organization and member repositories and match filenames against a range of patterns for files that typically contain sensitive or dangerous information.

AQUATONE

AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources as well as the more common subdomain dictionary brute force approach. After subdomain discovery, AQUATONE can then scan the hosts for common web ports and HTTP headers, HTML bodies and screenshots can be gathered and consolidated into a report for easy analysis of the attack surface.

Data Flow Diagram and Attack Tree libraries for draw.io

Data Flow Diagrams (DFD) and Attack Trees are common tools when performing threat modeling of systems. Unfortunately there aren't a lot of tools out there to do this, which lead me to create custom libraries for doing both DFD and Attack Trees in the free and cros-platform draw.io diagramming tool.