A practitioner's guide to the major cybersecurity frameworks governing financial institutions - DORA in the EU, the FFIEC guidelines in the US, and the SWIFT Customer Security Programme worldwide.
A practitioner's breakdown of PCI DSS v4.0 - its twelve requirements, the 2025 deadline for future-dated controls, and where organisations most commonly fall short.
After commissioning industrial systems across multiple sites, I've seen firsthand how far the real world sits from IEC 62443. This is what poor OT security looks like when nobody's watching.
Lightweight EDR agent for Windows written in C++17. Performs real-time process monitoring via the Toolhelp32 API (500 ms snapshots), extracts executable paths and PPID metadata, and applies path-based heuristics to detect masqueraded system binaries - e.g. svchost.exe or lsass.exe spawned outside System32. Suspicious processes are automatically terminated and all security events are written to a structured incident log with INFO / WARN / CRITICAL severity levels.
Full hardware security audit of the TP-Link TL-WR841N consumer router. Root shell obtained via UART (FT232 adapter, 115200 baud), WPA2 passphrases recovered from RAM-disk files, MTD flash partitions dumped via /dev/mtdblock, and active listeners decoded from /proc/net/tcp hex descriptors. Reference for embedded Linux attack surface analysis on MIPS/BusyBox IoT devices.
# get in touch
Open to freelance engagements, penetration testing, infrastructure reviews, and consulting.
