Security Engineer by profession, Hacker by passion
I've been breaking things professionally for almost a decade as a Product/Application Security Engineer, but I've been tinkering with security for 20 years (yes, I started young).
WatchTower - VSCode extension that scans your workspace for malicious configurations, invisible Unicode threats, and dangerous IDE attack vectors. Fully local, fully open source.
How To Test Secrets - A visual, interactive cheat-sheet for testing whether leaked API keys and secrets are still valid: pick a service and get a ready-to-run command.
MirageVM - JavaScript virtual machine for code obfuscation. It can be used to protect sensitive client-side logic with custom bytecode. Supports all JavaScript features through a custom low-level language (Private project)
Orgsec Guide - A comprehensive checklist and guide for organizations looking to implement a robust cybersecurity program
XXExploiter - Tool to help exploit XXE vulnerabilities. Generates XML payloads and automatically starts a server to serve DTDs or do data exfiltration
VSCode Swissknife - Scriptable VSCode extension to generate or manipulate data. Stop pasting sensitive data in webpages
DamnVulnerableCryptoApp - An app with intentionally insecure crypto implementations. Perfect for testing/exploiting weak cryptography and learning crypto without diving deep into the math
hash-identifier-js - Port of hash-identifier to JavaScript
Daily drivers:
JavaScript/TypeScript • Node.js • Express • React
Python • Django • Flask
The old friends (a bit rusty, but we go way back):
Java • Spring • Ruby/Rails • C# • PHP
Occasional speaker at security conferences
Currently trying to write a fictional book (stay tuned!)
Sharing knowledge on TheSecurityVault





