I work on the internet’s worst problems for the world’s most comprehensive cloud computing platform. By day I lead a team of extremely competent people doing very serious security things. By night I build weird tools with names like tracr, dirlstr, and mxfckup, ignore adult responsibilities, and occasionally try to take over domains that were misconfigured by someone named Dave.

I’ve spent the last decade neck-deep in malware, digital forensics, threat intel, and the kind of chaos that happens when you connect millions of devices to the internet and then act shocked when one of them starts exfiltrating data to somewhere like totally-not-russia.ru. I automate anything that looks at me funny, ethically hack things that are doing their best to stay un-hacked, and write tools that make blue teams sweat just a little more than they’d like.

In my spare time, I pretend to be a competitive open water swimmer - because apparently, spending all day drowning in logs and packet captures isn’t wet enough. There’s something calming about swimming in freezing, bottomless lakes while reflecting on whether that DNS anomaly you saw earlier was a typo or the beginning of a breach.

On this blog, I write about:

My tools solve real problems with questionable naming conventions:

  • tracr - Finds dangling DNS nameservers at scale
  • dirlstr - Discovers open directory listings politely
  • webscout - Aerial reconnaissance without the wreckage
  • mxfckup - Audits email configs before they audit you
  • S3AccountFinder - Attributes S3 buckets to AWS accounts
  • psl - Hunts dangling CNAMEs using public suffix boundaries
  • kitphishr - Extracts phishing kit metadata
  • nsfckup - Identifies NS record vulnerabilities

I live in the UK, which is great for people who enjoy grey skies, overpriced pastries, and constant inner turmoil over whether to buy a mechanical keyboard you absolutely don’t need.

Contact

I’m on X and I use email - cybercdh at gmail dot com. Happy to chat about security, weird bugs, or your DNS regrets.