$ cat profile.txtOffensive Security Engineer and Penetration Tester based in Nairobi, Kenya.
Expertise in bug bounty research, vulnerability & malware research, and red team operations.
I find the gaps before attackers do β then help organizations close them for good.
Currently serving as Cyber Security Engineer @ Durrafx and Information Security Engineer @ Foresight Tech Group, while running active bug bounty research on HackerOne. Member of the Kenya Cyber Security and Forensic Association.
- π΄ Red teaming payment & authentication platforms at Durrafx
- π Hunting bugs across web, API, and mobile targets on HackerOne
- π SOC operations & log analysis at Foresight Tech Group
- π Deepening expertise in mobile app security and malware analysis
Offensive
Penetration Testing Red Teaming Bug Bounty Vulnerability Research Malware Analysis Social Engineering
Domains
Web Security API Security Mobile Security Network Security Financial Systems
Frameworks & Standards
OWASP PTES PCI-DSS MITRE ATT&CK
Languages & Tools
Python Go Bash Burp Suite Docker Metasploit Wireshark Nmap SIEM
Defensive
Log Analysis Incident Response Threat Modeling IDS/IPS Secure Code Review
| Project | Description | Stack |
|---|---|---|
| ARP | ARP spoofing tool β intercepts DNS traffic and exfiltrates to a remote server | Python, Scapy |
| PhoneBook-Vault | All possible Kenyan phone number combinations for OSINT/recon use | Data |
| Note-Weave | Minimal, elegant note-taking app | JavaScript |
ποΈ Writeups & disclosures coming soon β follow to stay updated.
$ cat availability.txt
β Open to penetration testing engagements
β Available for red team operations
β Bug bounty collaborations welcome
β Security consulting & advisoryπ¬ Reach me at njerumtwaiti@proton.me or connect on LinkedIn.