Apr 2014 – Present

Regional Head of Incident Response & Threat Intelligence

NCC Group

Responsible for leading a team of cyber security specialists, providing incident response & threat intelligence services to clients.
Aug 2005 – Apr 2014
London, UK

Cyber Security Specialist

UK Government

Various roles, including technical research, vulnerability management, and incident response for the Critical National Infrastructure.

Recent Publications

This technical note discusses a relatively undocumented implant used by the APT10 group. This is named “Red Leaves” after …

This technical note discusses a version of Sakula uploaded to VirusTotal on the 25th April 2016. The sample initially looked …

In March Microsoft published security advisory 2953095, detailing a remote code execution vulnerability in multiple versions of …

Recent Posts

In a waiting room this week I opened a newspaper to find the following puzzle, named “Suko” (a trademark of Puzzler). Various approaches exist to solving them manually and it’s possible to play online. However they are an excellent candidate for an SMT solver so I decided to implement one using pysmt. The puzzle The idea behind Suko is simple (manually solving is not!). In the puzzle above the following requirements must be met:

During the recent site cleanup I decided to disable comments and remove (most) previous comments from the site. This post explains my reasoning.

I’ve given this site a long overdue tidy, finally moving away from Wordpress to a static site.

This post is entirely based on my opinions. If you don’t want to read a post about my opinions there are plenty of excellent videos on YouTube. You have been warned.

Banks and financial institutions are constantly giving out advice about email safety, helping customers to avoid phishing scams. Make sure the email is genuine, don’t click on links, never give your personal information away online. Sensible advice, unless the financial institution doesn’t make it easy to actually verify their emails.



Kart Timing Mk1

A basic kart timing system, built from scratch

PCB0001 - 18F breakout

A PIC 18F breakout board, suitable for prototyping

PCB0003 - Breadboard supply

A 5v / 3.3v breadboard power supply circuit

PCB0006 - RFM12 breakout

A breakout for the popular RFM12 radio module

PCB0002 - LED matrix

A simple 8x8 LED matrix, with a cute ghost :)

Eagle library

Some useful components for Cadsoft Eagle

GNU Screen Config

A tabbed setup for screen (archived content)

Nautical signal flags

Free flags for use in projects (SVG / PNG / ICO formats available)

VB6 RichTextBox control

Extending VB6 controls with the Win32 API (archived content)

VB6 reverse DNS

Obtaining PTR records using Visual Basic 6 (archived content)

MOTD maker

Easily create coloured MOTD messages (archived content)

ROT Util

The Caesar cipher in a simple Windows GUI (archived content)