About

I'm a freelance pentester (sometimes called "ethical hacker") and security researcher. Most of my jobs involve simulating hacker attacks and digging into the security (or lack thereof) of the target organization. Quite often, I end up researching the security of third-party products my clients make use of. A few of my findings have been published here and there.

When dealing with customers directly, I use my German company, EnableSecurity. Sometimes I also supplement other penetration testing teams; other times penetration testing is part of a larger scope.

Tools

During the course of my work I often develop custom tools to help me get the job done. Some of them have been published, such as:
  • Web Exploit Payloads - A collection of payloads for common webapps and a tool to help generate them.
  • SIPVicious - for auditing SIP-based VoIP systems. Has the ability to identify SIP phones, PBXs and other entities on the network. It can also find out which extensions are active on a PBX and bruteforce the password for these extensions.
  • wafw00f - allows one to identify and fingerprint WAF products protecting a website.
  • Surfjack - Forces web browsers to reveal their (insecure) cookies for HTTP and HTTPS sites. This is a demo of a security vulnerability that affected a large number of websites including online banks and common webmail such as Gmail.

Expertise

Throughout my work, I have specialised and focused on various niches in both the offensive and defensive security realms. The following are areas of interest where I am likely to be of help to your organisation:
  • VoIP and communications security
  • Security of payment gateway integration
  • Web application firewall vulnerabilities
  • Wi-Fi (in)security
  • Network and vulnerability scanners + offensive security tools
  • Password security, especially Active Directory user accounts, human patterns and behaviours in relation to passwords