Advisories & CVEs I am credited on

  • Advisory: Multiple vulnerabilities in Karakeep
  • Advisory: A valid Microsoft session can be abused to reset the user's password and remove multi-factor authentication (MFA) in order to take over an account.
  • CVE-2024-41808: Unauthenticated log injection to account takeover
  • CVE-2024-37893: MFA bypass in OAuth flow may lead to compromise of Firefly III data
  • CVE-2024-30931: Stored XSS in Emby webhook notifications leads to admin account takeover
  • CVE-2024-32868: Improper lockout mechanisms may lead to bypass in Zitadel
  • CVE-2024-30248: Raw SVG loading may lead to complete data compromise from Piccolo admin page
  • CVE-2023-47128: SQL Injection via named transaction savepoints in Piccolo
  • CVE-2023-46238: Stored XSS leading to a one click silent account takeover in Zitadel
  • CVE-2023-41885: Piccolo time based user enumeration
  • CVE-2023-33170: Security Feature Bypass In ASP.NET and Visual Studio – Race Condition

Conference Talks & Workshops


My open source projects

A short list of my more popular / useful open source projects.

Total downloads for all packages listed below: 1,812,480
  • discord-anti-spam
    - Total downloads: 928,515
    - A library-agnostic Discord anti-spam package.
  • bot-base
    - Total downloads: 504,051
    - A feature-rich Discord bot base to subclass and hit the ground running. Archived.
  • function-cooldowns
    - Total downloads: 97,866
    - A simplistic decorator-based approach to rate limiting function calls.
  • alaric
    - Total downloads: 97,480
    - A simplistic yet powerful asynchronous MongoDB query engine.
  • zonis
    - Total downloads: 31,901
    - Agnostic IPC for Python programs.
  • skelmis-docx
    - Total downloads: 22,645
    - A fork of python-docx but with everyday features I need.
  • idox
    - Total downloads: 16,453
    - A CLI or embedded tool for easily downloading IDOR'd files from a Burp request or raw URL.
  • logoo
    - Total downloads: 15,289
    - A Python package for easy openobserve log ingestion.
  • Other packages not named here: 98,280
N.B. Totals are updated daily and include known proxies, so they are not entirely representative of real numbers. This is a PyPI limitation, so I'll take what's offered.
Package stats last updated: today