Skip to main content
I run detailed security assessments to help understand our current posture and identify areas that need attention. From code vulnerabilities to cloud configurations and compliance gaps, I provide comprehensive analysis with actionable insights. Here are a few examples:
Cloud security assessment
Run a comprehensive cloud security assessment.
Code security assessment
Where do we stand with our code security?
Log4Shell assessment
Identify and mitigate risks from the critical Log4j remote code execution vulnerability.
GameOver(lay) assessment
Evaluate Ubuntu systems for local privilege-escalation risks in OverlayFS.
NVIDIA Triton Python backend assessment
Check for exposure to vulnerabilities in NVIDIA Triton's Python backend affecting data and code integrity.
Shai-Hulud npm supply-chain worm assessment
Self-propagating worm compromising npm packages, harvesting secrets and exfiltrating via attacker-controlled repos and webhooks to quickstart.
Shai-Hulud 2.0 npm supply-chain worm assessment
Self-propagating Shai-Hulud 2.0 npm worm abusing malicious preinstall scripts to steal developer tokens and cloud secrets and exfiltrate them to attacker-controlled repos.
XZ Utils Backdoor assessment
Assess exposure to the XZ Utils supply-chain backdoor and detect potential compromise paths.
And if it’s something you want checked regularly, just let me know. I’ll put it on my task list, keep an eye on it, and update you when it matters.