GithubHelp home page GithubHelp logo

πŸ”‘ Intro:

Andy has been consulting in offensive security for over a decade, focusing on red teaming and simulated attacks with a side of threat intelligence and purple teaming. Leading engagements of varying sizes and lengths, helping grow teams and encouraging risk-driven understanding.

image

βœ”οΈ Projects:

⌨️ Blog:

I post most of my research and other interesting tutorials on my blog

πŸ“š Book:

For those that don't know Andy, he is a firm believer in passing knowledge on and supporting the infosec community he does this by providing tutorials on his blog running his local DEF CON Chapter & has also published two books Breaking into Information Security and LTR102. He also helps out at DEF CON as a SOC Goon (Red Shirt) too each year (since DC25), assisting the SOC with operations and people flow.

🎀 Talks:

2024

2023

2022

2021

2020

2019

2018

πŸ† Bug Bounty:

πŸ“› Badges

Andy has been in the IT security industry for just over 15 years, a decade of which has been dedicated to security and offensive operations. He previously held CREST’s CCT Infrastructure certification, which is highly sought-after, and CHECK Team Leader status. In addition to his years in the industry, he holds several other certifications and accolades, including CRTO, OSCP, and OSWP.

Andy | ZephrFish's Projects

rengine icon rengine

reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information.

reportcompiler icon reportcompiler

A tool for importing vulnerability scanner data and then allowing you to manipulate the risks, affected hosts, and create risk ordered output.

responder icon responder

Responder is a LLMNR, NBT-NS and MDNS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication.

sandboxspy icon sandboxspy

Code for profiling sandboxes - Initially an idea to profile sandboxes, the code is written to take enviromental variables and send them back in a Base32 string over HTTP to an endpoint.

scout icon scout

Scout - a Contactless Active Reconnaissance Tool

screenfetch icon screenfetch

Fetches system/theme information in terminal for Linux desktop screenshots.

seclists icon seclists

SecLists is the security tester's companion. It is a collection of multiple types of lists used during security assessments. List types include usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, and many more.

sendemail icon sendemail

lightweight, command line SMTP email client

sharpedrchecker icon sharpedrchecker

Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, installed drivers and each drivers metadata, all for the presence of known defensive products such as AV's, EDR's and logging tools.

sherlock icon sherlock

πŸ”Ž Hunt down social media accounts by username across social networks

snaffler icon snaffler

a tool for pentesters to help find delicious candy

sonyapilib icon sonyapilib

Sony Smart Device C# API Library for remote control

spiderfoot icon spiderfoot

SpiderFoot automates OSINT collection so that you can focus on analysis.

sploitctl icon sploitctl

Fetch, install and search exploit archives from exploit sites.

static-tools icon static-tools

Static compiled binaries + scripts ready to use on systems

subscraper icon subscraper

External pentest tool that performs subdomain enumeration through various techniques. In addition, SubScraper will provide information such as HTTP & DNS lookups to aid in potential next steps.

sysmon-config icon sysmon-config

Sysmon configuration file template with default high-quality event tracing

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.