Andy G

Glasgow, Scotland, United Kingdom
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
Andy G is an experienced penetration tester based in Glasgow with 11 years in information security, specializing in web application, infrastructure and OSINT assessments. He balances professional client-facing engagements with active security research—from HackerOne bug bounties to embedded hardware hacking—and has materially improved tools like CredMaster to expand Azure/Microsoft coverage and evade throttling. Andy runs the local Glasgow Defcon meetup, blending community leadership with hands-on technical work, and brings a pragmatic, FAFO-minded engineering approach to offensive tooling. Outside infosec he trains in karate, reflecting a disciplined, attack-minded ethos that carries into both red-team operations and tool development.
code11 years of coding experience
github-logo-circle

Github Skills (17)

python10
apidoc10
microsoft10
it-security10
authentication10
microsoft-azure10
security10
api10
bruteforce10
http-request10
azure10
protocols10
auth10
slack-integration9
api-security8

Programming languages (16)

PowerShellC#JavaC++CSSCTeXGo

Github contributions (5)

github-logo-circle
knavesec/CredMaster

Sep 2022 - Nov 2022

Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
Role in this project:
userSecurity Engineer
Contributions:16 reviews, 15 commits, 11 PRs in 2 months
Contributions summary:Andy primarily focused on enhancing the `credmaster` tool, a password-spraying utility, by integrating features like Slack notifications, color-coded output, and support for various authentication methods. They updated plugins for services like Okta, Azure SSO, MSOL, and O365, adding logic to detect success, failure, and MFA scenarios. Furthermore, the user introduced new modules for AzVault and MSGraph, expanding the tool's capabilities to cover additional Azure and Microsoft services. The contributions demonstrate a focus on expanding and improving a security tool designed for password spraying.
improvedbrute-forcebeatrefactoredpassword-spraying
ZephrFish/Wordlists

Sep 2017 - Aug 2020

Various Payload wordlists
Contributions:24 commits, 23 pushes, 1 branch in 2 years 10 months
bugbountypayloadpenetration-testingwordlistsinfosec
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial