Skip to content
View liamromanis101's full-sized avatar
🎯
Focusing
🎯
Focusing

Block or report liamromanis101

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
liamromanis101/README.md

Click me [Headphones On]: Header preview


whoami

$ cat /etc/profile.d/liam.sh

NAME="Liam Romanis"
ROLE="Senior Cloud Security Consultant | Security Tool Developer |  Offensive Security Veteran"
EXPERIENCE="30 years in offensive security, vulnerability research and security assurance"
CURRENT_FOCUS="Kubernetes security Β· Container escape assessment Β· Cloud IAM Β· AI-assisted security tooling"
FORMER_ROLE="CESG CHECK Team Leader (1999–2023) β€” one of the longest continuous tenures in the scheme"
SECTORS="UK Government Β· MOD Β· Defence Primes Β· Financial Services Β· Telecomms Β· CNI Β· Commercial"
FOCUS="Manual testing excellence Β· Vulnerability research Β· Pragmatic risk-based assessment"
CURRENTLY="Developing cloud-native security tooling, researching Kubernetes attack paths and applying AI to security engineering workflows."

For hiring teams

I’m interested in senior roles involving cloud security engineering, Kubernetes security, security research, application security, product security and offensive security automation.

I combine three decades of offensive security experience with practical software development to build tools that help organisations secure modern cloud and containerised environments.


Current Research

  • Kubernetes container escape techniques
  • Linux namespace isolation
  • AWS IAM privilege escalation
  • Microsoft Entra Conditional Access
  • AI-assisted security analysis
  • Secure software tooling
  • Holistic Cloud Security
  • LLM Security
  • Github Security

ls -la /repos/

Click me: Repo feed preview

Pinned highlights

A bash script that runs inside a Docker or Kubernetes container and checks for escape vectors. Built for penetration testers and security teams doing container security assessments.

bash . Docker . Kubernetes . Linux . Vulnerabilities . Mitigations


πŸ› οΈ AWS-IAM-Policy-Audit

Python 3 tool to analyze AWS IAM policies for risky permissions. Tracks affected principals, simulates sensitive actions, detects privilege escalation patterns, and flags cross-account trust exposures. Outputs findings in Table, JSON, or CSV with severity scoring (0–100).

Python Β· AWS Β· IAM Β· PrivEsc Detection Β· Cloud Security


Python 3 tool which dentifies potentially insecure IAM role trust policies in your AWS environment. Specifically, it detects roles that allow cross-account AssumeRole access without enforcing ExternalId or MFA, which can pose a security risk.

AWS . Python . IAM


Python3 script which enumerates available subscriptions and storage accounts in each. It then tests for weak configuration items.

Azure . Storage Accounts . Python


Collection of scripts for testing M365 subscriptions (& Azure). Most of these scripts assume that access has been gained with a low privilege user account or that you are performing testing as a typical user where you do not have access to powershell. These scripts are intended for educational purposes or for authorized security assessments.

M365 . Python


This script gets a count of all users in the tenant for comparision. It then gets each Conditional Access Policy and enumerate all included and excluded users, groups and roles. It then gets the members of each group and users with each role, then it sorts and uniques all included users and members of groups and roles to get a count of all included users accounts. It performs the sam functions on excluded users, groups and roles to get a count of all unique excluded users. Because the script gets a count of all users in the tenant we can calculate the total number of users not affected by a policy [total users - total unique included users]. The script also gets a list of all included and excluded Apps and Resources. There is some output to the screen and a CSV file is output at the end.

Azure . PowerShell . Microsoft Entra ID . Conditional Access Policies


πŸ¦‘ Snecky

Passive network sniffing tool that simplifies detection and reporting of network protocols with weak configurations. Outputs results in Nessus-compatible format for seamless import into reporting tools.

Python Β· Network Security Β· Passive Recon Β· Nessus Integration


Proof-of-Concept for CVE-2025-29927 β€” a critical middleware bypass vulnerability affecting Next.js versions 11.x through 15.x. For authorised security testing and verification.

Python Β· CVE Research Β· Next.js Β· Web App Security


πŸ”§ Additional Tools (developed during engagements)

Tool Description
SNMPPLUX SNMP enumeration and analysis tooling
LibScanner Library/dependency scanning utility
ORR Offline reporting and review tool
SSLScanner (PHP) SSL/TLS configuration scanner
Azure MFA Auditor Identifies Azure users without MFA where standard tooling fails
Azure Conditional Access Extractor Extracts and analyses Conditional Access policies, outputs CSV artefacts
Azure Storage Assessor Internal and external Azure storage enumeration and assessment

cat experience.txt | grep sectors

βœ” UK Government & MOD                βœ” Defence Primes
βœ” Financial Services (MetroBank, ICAP, EBLF)   βœ” Telecommunications
βœ” Critical National Infrastructure   βœ” NHS & Central Government
βœ” Commercial Enterprise              βœ” SaaS & Cloud Platforms

GitHub Stats

Click me:

Stats preview


cat skills.txt

πŸ”΄ Penetration Testing & Offensive Security

Web App Infra Red Team TLPT OT/ICS Mobile Desktop MITRE SAP AI

☁️ Cloud & Identity Security

Azure AWS M365 IAM MFA Conditional Access

πŸ’» Languages & Development

Python Bash PHP C# Ansible Perl C/C++

🌐 Technologies Assessed

Web & Application Frameworks React Next.js Angular Node.js WordPress Drupal Shopify Django ASP.NET PHP GraphQL REST API OAuth/OIDC CSP

Identity & Directory Services Active Directory Azure AD LDAP Kerberos ADFS

Cloud Platforms AWS Azure M365

Container & Orchestration Kubernetes Docker

Network & Infrastructure SSL/TLS SNMP SAP

πŸ€– Artificial Intelligence & Security

OpenAI Claude AI Red Teaming Prompt Injection

πŸ… Certifications & Standards

CHECK TigerScheme CREST PRINCE2 ISO9001


β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
β”‚  "Security is not a product, but a process β€” and I've been in that           β”‚
β”‚   process longer than most frameworks have existed."                         β”‚
β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

All tools and PoCs published here are intended for authorised security testing and research only.

Popular repositories Loading

  1. CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script CVE-2026-31431-Copy-Fail---Vulnerability-Detection-Script Public

    Detection Only.. working on an exploit PoC

    Shell 25 2

  2. DirtyFrag-Detector DirtyFrag-Detector Public

    CVE-2026-43284/CVE-2026-43500 'DirtyFrag' Benign patch & mitigation detection script

    Python 14

  3. MIFARE-Classic-Dump-Analyzer MIFARE-Classic-Dump-Analyzer Public

    This Python script analyzes .mfcdump files from Flipper Zero MIFARE Classic card reads, detects known keys, decodes access bits, reads accessible data blocks, and tries to identify the manufacturer…

    Python 6

  4. K8s-container_escape_audit K8s-container_escape_audit Public

    Look for possible escape vectors from a container

    Shell 6

  5. M365-Scripts M365-Scripts Public

    Collection of scripts for testing M365 subscriptions

    Python 5

  6. Snecky Snecky Public

    Tool to simplify detection and reporting or network protocols with weak configurations and output into a Nessus like format for import to reporting tools.

    Python 1