I work on the internet’s worst problems for the world’s most comprehensive cloud computing platform. By day I lead a team of extremely competent people doing very serious security things. By night I build weird tools with names like kitphishr, ignore adult responsibilities, and occasionally try to take over domains that were misconfigured by someone named Dave.

I’ve spent the last decade neck-deep in malware, digital forensics, threat intel, and the kind of chaos that happens when you connect millions of devices to the internet and then act shocked when one of them starts exfiltrating data to somewhere like totally-not-russia.ru. I automate anything that looks at me funny, ethically hack things that are doing their best to stay un-hacked, and write tools that make blue-teams sweat just a little more than they’d like.

In my spare time, I pretend to be a competitive open water swimmer - because apparently, spending all day drowning in logs and packet captures isn’t wet enough. There’s something calming about swimming in freezing, bottomless lakes while reflecting on whether that DNS anomaly you saw earlier was a typo or the beginning of a breach.

On this blog, I have or will write about:

  • Accidentally discovering vulnerabilities
  • DNS disasters (yours, not mine)
  • Malware doing deeply weird things
  • Swimming stupidly long distances for fun and existential clarity
  • Internet sleuthing
  • Bug bounty hunts (for fame, fortune, and the occasional duplicate)
  • Turning “I wonder what would happen if…” into a CLI tool
  • Security war stories
  • Lessons from the swimming pool that somehow apply to security incident response
  • Occasionally being helpful

I live in UK, which is great for people who enjoy grey skies, overpriced pastries, and constant inner turmoil over whether to buy a mechanical keyboard you absolutely don’t need.

Contact

I’m on X and I use email - cybercdh at gmail dot com. Happy to chat about security, weird bugs, or your DNS regrets.