A flexible Selenium-based password spraying tool designed to evade common WAF detections.
Who I Am
As a kid, I dreamed of becoming a hacker. But once I broke into cybersecurity, I found that people had made cybersecurity exceptionally boring. I spent most of my time in spreadsheets filled with CVEs and assembling dull PowerPoint presentations for leadership. That experience shaped my approach to security, and I now work to change it. I bring cybersecurity to life for my customers by telling engaging stories and making risk tangible to everyone (even people who don't know what CVEs are).
Featured GitHub Projects
PassInspector is built to parse through a list of cracked passwords to identify patterns that could indicate a weak password policy.
This script automates the exploitation of the BadSuccessor vulnerability, and can be executed from a Windows host that is not domain-joined.
Latest Blog Posts
RC4 No More
2026-03-06
Microsoft recently announced that the Kerberos RC4 encryption algorithm will be disabled in the April Windows Update (More Reading). It can be re-enabled until the July Windows Update, at which point it will be completely removed and there will be no option to re-enable it (More Information).
Active Directory-Integrated DNS Abuse
2026-02-24
This post explores how attackers can exploit Active Directory–integrated DNS to create or modify records, enabling name resolution hijacking, credential interception,...
GPO Link Abuse
2025-12-15
This post analyzes how improper permissions over GPO links can allow attackers to change policy scope or enforce malicious configurations across targeted OUs or domain...