Andy G is an experienced penetration tester based in Glasgow with 11 years in information security, specializing in web application, infrastructure and OSINT assessments. He balances professional client-facing engagements with active security research—from HackerOne bug bounties to embedded hardware hacking—and has materially improved tools like CredMaster to expand Azure/Microsoft coverage and evade throttling. Andy runs the local Glasgow Defcon meetup, blending community leadership with hands-on technical work, and brings a pragmatic, FAFO-minded engineering approach to offensive tooling. Outside infosec he trains in karate, reflecting a disciplined, attack-minded ethos that carries into both red-team operations and tool development.
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
Role in this project:
Security Engineer
Contributions:16 reviews, 15 commits, 11 PRs in 2 months
Contributions summary:Andy primarily focused on enhancing the `credmaster` tool, a password-spraying utility, by integrating features like Slack notifications, color-coded output, and support for various authentication methods. They updated plugins for services like Okta, Azure SSO, MSOL, and O365, adding logic to detect success, failure, and MFA scenarios. Furthermore, the user introduced new modules for AzVault and MSGraph, expanding the tool's capabilities to cover additional Azure and Microsoft services. The contributions demonstrate a focus on expanding and improving a security tool designed for password spraying.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.