Incident Responder turned developer

Cyber security nerd who enjoys building tools to support investigations. After leading numerous DFIR engagements, I have the pleasure of building tools to enrich the analysis of security incidents and enable efficient investigation. Threat data, infrastructure security, and data enrichment are among the problem spaces I enjoy focusing on. Generally tinkering with new Python packages, CLI tools, and data analysis utilities.

Skills: Python AWS DevOps DFIR Web development Django CDK Ansible Docker/Containers Rust Mentoring Project management

Projects

website screenshot

Luminaut

Luminaut is a utility to scope cloud environment exposure for triage. The goal is to quickly identify exposed resources and collect information to start an investigation.
Starting from the public IP addresses of AWS Elastic Network Interfaces (ENIs), Luminaut gathers information about the associated EC2 instances, load balancers, security groups, and related events. The framework also includes active scanning tools like nmap and whatweb, to identify services running on exposed ports, and passive sources like Shodan.
By combining cloud configuration data with external sources, Luminaut provides context to guide the next steps of an investigation.

PyPi GitHub
website screenshot

Python Forensics Handbook

Free reference for common tasks encountered when implementing DFIR scripts. These short snippets provide copy/paste templates to use to start parsing registry hives, analyzing Windows events, and reporting on JSON data. Open for contributions on GitHub and for use in your project!

Website GitHub
website screenshot

Secure development for all

A collection of resources to ease the process of integrating secure development practices. Includes a roadmap with suggested tools and how to install and configure them.

GitHub
website screenshot

RDP Snitch Honeypot

A honeypot that you can set up in a weekend to capture RDP traffic and share out findings via a Mastodon/Twitter/Pastebin bot. Includes enrichment of the observation and aggregation of statistics.

Blog Series Mastodon

Books

Book cover

Python Digital Forensics Cookbook

This book exhibits many of the Python libraries commonly used in digital forensics through small scripts (or recipes). Across the 60+ recipes, we explore how to process files with embedded metadata, parsing common file and registry artifacts, processing evidence stored as E01 files, integrating Python with common tools such as Axiom, EnCase, and Cellebrite, and much more. This book is available as Paperback & E-Book.

Packt Publishing Amazon GitHub
Book cover

Learning Python for Forensics

Learn the art of designing, developing, and deploying innovative forensic solutions through Python scripting. Staring with the basics and building on them chapter by chapter with practical examples. This book is available as Paperback & E-Book.

Packt Publishing Amazon GitHub

Solutions to my business card Sudoku puzzles: Puzzle 1, Puzzle 2, Puzzle 3, Puzzle 4, and Puzzle 5