- 🔭 Product Security at HashiCorp
- 📫 How to reach me: @brompwnie.bsky.social
- 😄 Pronouns: He/Him
- Blackhat
- Defcon 27
- DevSecCon London 2019 - Build to hack, hack to build
- BSIDES London 2019 - Build to hack, hack to build
- BruCon 2018 - Hunting Android Malware
- Troopers 18 - Hunting Android Malware
- BSIDES Lisbon 2018 - Hunting Android Malware
- DroidCon London 2018 - Hunting Android Malware
- DroidCon London 2017 - Hacking Android, a Hacker's narrative
- BSides Cape Town 2016 - What the Dll? Finding and Exploiting DLL preloading vulnerabilities
- https://dev.to/brompwnie/modifying-go-s-crypto-ssh-library-for-cve-2020-9283-26a7
- https://blog.heroku.com/terrier-open-source-identifying-analyzing-containers
- https://blog.heroku.com/applying-seccomp-filters-on-go-binaries
- https://sensepost.com/blog/2016/rattleridentifying-and-exploiting-dll-preloading-vulnerabilities/
- https://sensepost.com/blog/2016/kwetza-infecting-android-applications/
- https://sensepost.com/blog/2015/hi-jack/
- https://sensepost.com/blog/2016/pwnbank-en-route-to-vegas/
- BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies.
- Terrier is an image and container analysis tool that can be used to scan OCI images and containers to identify and verify the presence of specific files according to their hashes.
- Uitkyk is a framework that allows you to identify Android malware according to the instantiated objects on the heap for a specific Android process.
- Kwetza is a tool that allows you to infect an existing Android application with a Meterpreter payload.
- Rattler is a tool that automates the identification of DLLs that can be used for DLL preloading attacks.
- Jack is a web-based ClickJacking PoC development assistance tool.