Hi there 👋
🔭 I’m currently working on platform security at Heroku Salesforce🌱 I’m currently learning Go, Container Security, Linux Kernel Primitives such as eBPF;SecComp, CAPS and much more!👯 I’m looking to collaborate on Container and Cloud security! Hack all the things!💬 Ask me about container security, cloud security, devsecops, hacking📫 How to reach me: https://twitter.com/brompwnie😄 Pronouns: He/Him⚡ Fun fact: I play in a Blues Rock band in London!
Public Speaking Engagements
- Blackhat
- Defcon 27
- DevSecCon London 2019 - Build to hack, hack to build
- BSIDES London 2019 - Build to hack, hack to build
- BruCon 2018 - Hunting Android Malware
- Troopers 18 - Hunting Android Malware
- BSIDES Lisbon 2018 - Hunting Android Malware
- DroidCon London 2018 - Hunting Android Malware
- DroidCon London 2017 - Hacking Android, a Hacker's narrative
- BSides Cape Town 2016 - What the Dll? Finding and Exploiting DLL preloading vulnerabilities
Post I've Written
- https://dev.to/brompwnie/modifying-go-s-crypto-ssh-library-for-cve-2020-9283-26a7
- https://blog.heroku.com/terrier-open-source-identifying-analyzing-containers
- https://blog.heroku.com/applying-seccomp-filters-on-go-binaries
- https://sensepost.com/blog/2016/rattleridentifying-and-exploiting-dll-preloading-vulnerabilities/
- https://sensepost.com/blog/2016/kwetza-infecting-android-applications/
- https://sensepost.com/blog/2015/hi-jack/
- https://sensepost.com/blog/2016/pwnbank-en-route-to-vegas/
Opensource Tools I've Created
- BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies.
- Terrier is a Image and Container analysis tool that can be used to scan OCI images and Containers to identify and verify the presence of specific files according to their hashes.
- Uitkyk is a framework that allows you to identify Android malware according to the instantiated objects on the heap for a specific Android process.
- Kwetza is a tool that allows you to infect an existing Android application with a Meterpreter payload.
- Rattler is a tool that automates the identification of DLL's which can be used for DLL preloading attacks.
- Jack is a web based ClickJacking PoC development assistance tool.
