$ cat /etc/profile.d/liam.sh
NAME="Liam Romanis"
ROLE="Senior Cloud Security Consultant | Security Tool Developer | Offensive Security Veteran"
EXPERIENCE="30 years in offensive security, vulnerability research and security assurance"
CURRENT_FOCUS="Kubernetes security Β· Container escape assessment Β· Cloud IAM Β· AI-assisted security tooling"
FORMER_ROLE="CESG CHECK Team Leader (1999β2023) β one of the longest continuous tenures in the scheme"
SECTORS="UK Government Β· MOD Β· Defence Primes Β· Financial Services Β· Telecomms Β· CNI Β· Commercial"
FOCUS="Manual testing excellence Β· Vulnerability research Β· Pragmatic risk-based assessment"
CURRENTLY="Developing cloud-native security tooling, researching Kubernetes attack paths and applying AI to security engineering workflows."Iβm interested in senior roles involving cloud security engineering, Kubernetes security, security research, application security, product security and offensive security automation.
I combine three decades of offensive security experience with practical software development to build tools that help organisations secure modern cloud and containerised environments.
- Kubernetes container escape techniques
- Linux namespace isolation
- AWS IAM privilege escalation
- Microsoft Entra Conditional Access
- AI-assisted security analysis
- Secure software tooling
- Holistic Cloud Security
- LLM Security
- Github Security
A bash script that runs inside a Docker or Kubernetes container and checks for escape vectors. Built for penetration testers and security teams doing container security assessments.
bash . Docker . Kubernetes . Linux . Vulnerabilities . Mitigations
π οΈ AWS-IAM-Policy-Audit
Python 3 tool to analyze AWS IAM policies for risky permissions. Tracks affected principals, simulates sensitive actions, detects privilege escalation patterns, and flags cross-account trust exposures. Outputs findings in Table, JSON, or CSV with severity scoring (0β100).
Python Β· AWS Β· IAM Β· PrivEsc Detection Β· Cloud Security
Python 3 tool which dentifies potentially insecure IAM role trust policies in your AWS environment. Specifically, it detects roles that allow cross-account AssumeRole access without enforcing ExternalId or MFA, which can pose a security risk.
AWS . Python . IAM
Python3 script which enumerates available subscriptions and storage accounts in each. It then tests for weak configuration items.
Azure . Storage Accounts . Python
Collection of scripts for testing M365 subscriptions (& Azure). Most of these scripts assume that access has been gained with a low privilege user account or that you are performing testing as a typical user where you do not have access to powershell. These scripts are intended for educational purposes or for authorized security assessments.
M365 . Python
This script gets a count of all users in the tenant for comparision. It then gets each Conditional Access Policy and enumerate all included and excluded users, groups and roles. It then gets the members of each group and users with each role, then it sorts and uniques all included users and members of groups and roles to get a count of all included users accounts. It performs the sam functions on excluded users, groups and roles to get a count of all unique excluded users. Because the script gets a count of all users in the tenant we can calculate the total number of users not affected by a policy [total users - total unique included users]. The script also gets a list of all included and excluded Apps and Resources. There is some output to the screen and a CSV file is output at the end.
Azure . PowerShell . Microsoft Entra ID . Conditional Access Policies
π¦ Snecky
Passive network sniffing tool that simplifies detection and reporting of network protocols with weak configurations. Outputs results in Nessus-compatible format for seamless import into reporting tools.
Python Β· Network Security Β· Passive Recon Β· Nessus Integration
Proof-of-Concept for CVE-2025-29927 β a critical middleware bypass vulnerability affecting Next.js versions 11.x through 15.x. For authorised security testing and verification.
Python Β· CVE Research Β· Next.js Β· Web App Security
| Tool | Description |
|---|---|
| SNMPPLUX | SNMP enumeration and analysis tooling |
| LibScanner | Library/dependency scanning utility |
| ORR | Offline reporting and review tool |
| SSLScanner (PHP) | SSL/TLS configuration scanner |
| Azure MFA Auditor | Identifies Azure users without MFA where standard tooling fails |
| Azure Conditional Access Extractor | Extracts and analyses Conditional Access policies, outputs CSV artefacts |
| Azure Storage Assessor | Internal and external Azure storage enumeration and assessment |
β UK Government & MOD β Defence Primes
β Financial Services (MetroBank, ICAP, EBLF) β Telecommunications
β Critical National Infrastructure β NHS & Central Government
β Commercial Enterprise β SaaS & Cloud Platforms
Click me:
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β "Security is not a product, but a process β and I've been in that β
β process longer than most frameworks have existed." β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
All tools and PoCs published here are intended for authorised security testing and research only.



