Morgaine Timms:

The Blog

I’m an infosec nerd, security engineer, penetration tester, CTFer, and former software engineer. Oh, and I’m working on my OSCP.

I sometimes write security-focused software, blog posts, VulnVM and CTF writeups. Here are some interesting ones:

Placeholder image

Dependencies During Development

Barely Managing
series: KotCW zine devops blog ReadTime:4

This was originally published in the Kult of the Cyber Witch Zine, issue 01: Dependencies During Development: Barely Managing Software relies on dependencies, but managing them is a hard problem. They quickly become numerous and interwoven, stacking up technical debt and hiding serious vulnerabilities under mountains of abstraction. But disaster can be avoided by taking a regimented approach to inclusion, identification, and remediation. So, why is dependency management so hard?

Continue Reading >

Placeholder image


series: Plaid2019 misc python CTFs blog ReadTime:5

Why Understanding Your Application's Language is Important: PlaidCTF 2019

Continue Reading >

Placeholder image

W1R3S Walkthrough

a vulnerable VM by SpecterWires from Vulnhub
vulnhub vm walkthrough blog writeups ReadTime:6

A walkthrough for the W1R3S: 1.0.1 vulnerable VM by SpecterWires from Vulnhub

Continue Reading >


Email: ‘morgaine @ [this-domain]’
Github: Sh3r4
LinkedIN: Morgaine

Infosec Experience

  • vulnerability assessment
  • application security auditing
  • secure code reviews
  • network security auditing
  • dependency management
  • corporate incident response
  • log analysis and threat hunting
  • creating and leading training programmes
    • basic corporate security awareness programme
    • developer specific application security programme
  • ISO 2700227001 compliance
  • SIEM setup and ongoing management
  • IDS setup and ongoing management
  • threat surface analysis

Developer Experience

  • Golang
    • Custom dependency management tooling
    • Graph database visualisation
  • C#
    • WPF Desktop Applications
    • SharePoint applications
  • typeScript / javaScript
    • web-based code editor
    • custom code completion engine
  • python
    • academic test delivery platform
    • psychology/neurology study data collection
  • SQL
    • complex data migrations
    • investigation and reconstruction of damaged datasets