I’m a penetration tester. I break into networks, applications, and devices for a living, then write up how I did it so the people who own them can make it stop.

The work spans a few areas. Internal and network testing, including Active Directory and AD CS abuse, relaying, and credential attacks. Web and application testing, increasingly including LLM and AI-backed apps assessed against the OWASP LLM Top 10 and agentic threat vectors. OT and ICS assessment, where the rules are different and the priority is not breaking the plant. And embedded and firmware work, pulling devices apart to see how they actually behave on a network.

The deliverable of all of this is a report. A finding nobody can read, reproduce, or action is not much use, so I treat the writing as part of the job rather than an afterthought. Clear severity, honest risk in context, reproducible steps, and remediation a stretched team can actually follow. I hold multiple industry certifications, and I care more about understanding a system properly than about running point-and-shoot scans against it.

Everything client-related on this blog is abstracted to technique level and aggregated across engagements. Nothing here maps to a specific organisation, and that is deliberate.

The rest of the site is the work I do because I enjoy it: firmware teardowns, an over-engineered home lab, a honeypot, RF and SDR, and whatever else I’m currently taking apart. It is the same instinct as the day job, applied to things I’m allowed to break without asking. If something looks like a black box, I usually want to open it.

Find me here: