Jonathan M.
Bio
I have always just been an outright geek. I am a self-taught penetration tester, and a self-taught programmer. I also have a degree in computer forensics. For ~10 years I was fortunate enough to work on security for several interesting projects for FAANG companies, banks, military, large gambling organisations, etc., where I ended up specialising in code review, social engineering, and thick client testing/reverse engineering.
For the most recent ~10 years, I have worked as a programmer – but have always kept current/passionate about security. I program predominantly in C# with .NET Core, but have also written projects in Golang, Rust, Java, C++, etc. I enjoy backend programming work, and writing code to solve difficult problems, quickly.
I have worked as the technical lead for exaprojects for several years. This includes all aspects of design, programming, infrastructure creation, monitoring, and maintenance, as well as leading a small team of programmers and QA testers.
Experience/Education
2018 – Current – exaprojects (construction industry project management startup), UK
- Technical Lead.
2015 – 2018 – DirectLine Group (FTSE 100 insurance company), UK
- Senior Penetration Tester. Note: I was technically self-employed, but worked a long-term contract for 3 years here.
2015 – 2018 – PentestPartners (penetration testing services), UK
- Senior Penetration Tester. Note: self-employed, overlapping/working as a contractor doing predominantly secure code review.
2007 – 2015 – NCC Group (penetration testing services), UK/Global
- Senior Penetration Tester.
2005 – 2007 – eLINIA (web hosting), UK
- Network engineer/cable monkey.
2006 – 2007 – University of Wales (formerly University of Glamorgan)
- Studied for a Master’s in Computer Security (Scholarship)
2003 – 2006 – University of Wales (formerly University of Glamorgan)
- B.Sc. Computer Forensics (1st class honours)
Misc: Have the Offensive Security Certified Professional (OSCP) qualification.
Interesting Projects (Programming)
- Distributed File Server
o Golang/C – backend for exaprojects. Does absolutely everything: deduplication, encryption, Reed-Solomon/erasure coding, direct I/O, self-healing bitrot protection, “enhanced” zip downloads (meaning we are able to generate zip files of thousands of files on the fly at 100s of MB/s by hacking at the Golang zip internals/CRC32 magic/zlib spec). Based on the Facebook Haystack storage model and optimized for efficient storage of millions of smaller files.
- Distributed Realtime Collaboration
o TypeScript/C# – using WebRTC in conjunction with WebSockets and pdf.js, was able to make a custom “annotation” layer so that multiple participants can annotate the same document in realtime together, whilst broadcasting any changes to all parties instantly. Annotations were then “burned in” on the backend so that a PDF of the photo/document, etc. could be downloaded. Extremely fast/all cryptographically secure. Lots of maths, wouldn’t recommend it. Also plugged in with realtime voice/voice transcription using Google’s speech engine, i.e. during a meeting, notes would automatically be taken based on the contents of the call.
- Full text search engine
o Rust – a plugin for Postgres which allowed for a distributed full text search to be carried out in conjunction with a standard DB query. Postgres has some real problems with its full text search engine, which this aimed to fix. Used in conjunction with a custom DSL I created, allowing users of exaprojects’ advanced search to do stuff like “files uploaded last 2w and ‘electric’ within 200 of (‘safety’, ‘certificate’) and user = xxx and ……..”. Included stemming (i.e. “electric” would return results for “electricity”, “electrical”, etc.).
- Version Control System
o C#/SQL magic – design and implementation of a file tree system which would be able to record “snapshots” of hundreds of thousands of files/folders to allow for offline browsing easily and viewing what a file/folder structure looked like at a specific point in time, and showing all subsequent changes.
- High throughput authorization
o C# – custom authorization layer to replace .NET Core’s user model. Able to handle tens of thousands of auth requests on a single server, a lot faster than the standard.
- High throughput database inserts framework
o C# – a generic library to take a list of objects and use Postgres’ binary copy (in conjunction with optionally locking/reserving IDs) to allow for pre-calculated bulk inserts of ~70k rows/s (vs ~3k with a standard bulk insert).
- World of Warcraft bot
o C# – a pixel-based bot which used novel methods to determine player location, etc. which had not been thought of before. Designed to play against other players in battlegrounds in WoW Classic. The methods used here actually became the fundamentals for a document diffing piece of software, which incorporated pathfinding and pixel-based comparisons to draw boxes around areas of change (as opposed to the traditional colour overlay).
- Misc – have found some interesting bugs in .NET Core and some popular libraries by being an early adopter.
Interesting Projects (Security)
- WinShareEnum (https://github.com/nccgroup/WinShareEnum)
o C#/WPF – tool to enumerate SMB shares, and their contents, in large organisations. Presented at DEF CON.
- VCG (https://security.web.cern.ch/recommendations/en/codetools/vcg.shtml)
o VB/WinForms – tool to perform static code analysis for a wide array of languages where it is not possible to fully compile the application.
- WCFer-ngng/JDSer-ngng/AMFer-ngng (https://github.com/nccgroup/WCFDSer-ngng)
o Java – a Burp Suite plugin to allow for automated SQL injection (etc.) inside WCF/Java Object/AMF serialized objects over the wire. Included as a default plugin now for Burp Suite.
- JMBSoft Password Management
o C++ – hooking into various Win32 APIs on domain controllers/local desktops during the password changing process, i.e. pressing Ctrl+Alt+Delete -> change password -> type new password would provide realtime feedback if the password typed into the RDP/client screen was in a list of compromised passwords, was too short, lacking complexity, a var1ati0n of a b4nn3d word, etc.
- Random Hooking tool
o C++/C#/WPF – hooking into various internal Win32 crypto functions and allowing for modification of things (i.e. WSASend) before being sent out. Similar to https://www.rohitab.com/apimonitor but worse.
- Exploit dev
o C/Python/Misc – have found/sold several remote code execution vulnerabilities in various pieces of software.
- eDiscovery Project
o C#/Golang – was approached as a contractor by a UK construction company which needed to present evidence against malpractice for a recent cladding scandal. Involved reverse engineering a common application (MailStore) and optimising the extraction process for several TB of emails (which would have taken months) to complete in a reasonable timeframe, include deduplication, and index results for offline analysis.
Effectively CTO for a bootstrapped startup in a high-traffic environment with a large number of users.
Have had a number of contracts over > 10 years, involving penetration testing and bespoke programming/reverse engineering work for a number of FAANG and global companies, including long-term (> 3 year) renewals.