Morgaine Timms

I’m an infosec nerd, security engineer, penetration tester, CTFer, and former software engineer. Oh, and I’m working on my OSCP.

I sometimes write security-focused software, blog posts, and CTF writeups for challenges I solved.

Here are a few of the most recent:

AngstromCTF2019: No Sequels 1 && 2

MongoDB query selectors and blind injection

PlaidCTF2019: Can You Guess Me

Code injection in a simple python application

AngstromCTF2019: One Bite

XOR of a byte-wise XOR

AngstromCTF2019: Paper Bin

Hexeditors can be very useful

Contact

Email: PGP key
Github: Sh3r4
LinkedIN: Morgaine

Infosec Experience

• vulnerability assessment
• application security auditing
• secure code reviews
• network security auditing
• dependency management
• corporate incident response
• log analysis and threat hunting
• creating and leading training programmes
  • basic corporate security awareness programme
  • developer specific application security programme
• ISO 27002/27001 compliance
• SIEM setup and ongoing management
• IDS setup and ongoing management
• threat surface analysis

Developer Experience

• Golang
  • Custom dependency management tooling
  • Graph database visualisation
• C#
  • WPF Desktop Applications
  • SharePoint applications
• typeScript / javaScript
  • web-based code editor
  • custom code completion engine
• python
  • academic test delivery platform
  • psychology/neurology study data collection
• SQL
  • complex data migrations
  • investigation and reconstruction of damaged datasets