$ cat /etc/profile.d/liam.sh
NAME="Liam Romanis"
ROLE="Senior Penetration Tester | Principal Security Consultant | Freelance"
EXPERIENCE="29+ years in offensive security"
FORMER_ROLE="CESG CHECK Team Leader (1999–2023) - one of the longest continuous tenures in the scheme"
SECTORS="UK Government · MOD · Defence Primes · Financial Services · Telecomms · CNI · Commercial"
FOCUS="Manual testing excellence · Vulnerability research · Pragmatic risk-based assessment"
CURRENTLY="Freelance pentest engagements + AI Red Teaming courses"

AWS-IAM-Policy-Audit
Python 3 tool to analyze AWS IAM policies for risky permissions. Tracks affected principals, simulates sensitive actions, detects privilege escalation patterns, and flags cross-account trust exposures. Outputs findings in Table, JSON, or CSV with severity scoring (0–100).
Python · AWS · IAM · PrivEsc Detection · Cloud Security

Snecky
Passive network sniffing tool that simplifies detection and reporting of network protocols with weak configurations. Outputs results in Nessus-compatible format for seamless import into reporting tools.
Python · Network Security · Passive Recon · Nessus Integration

Proof-of-Concept for CVE-2025-29927 - a critical middleware bypass vulnerability affecting Next.js versions 11.x through 15.x. For authorised security testing and verification.
Python · CVE Research · Next.js · Web App Security

| Tool | Description |
|---|---|
| SNMPPLUX | SNMP enumeration and analysis tooling |
| LibScanner | Library/dependency scanning utility |
| ORR | Offline reporting and review tool |
| SSLScanner (PHP) | SSL/TLS configuration scanner |
| Azure MFA Auditor | Identifies Azure users without MFA where standard tooling fails |
| Azure Conditional Access Extractor | Extracts and analyses Conditional Access policies, outputs CSV artefacts |
| Azure Storage Assessor | Internal and external Azure storage enumeration and assessment |

UK Government & MOD · Defence Primes
Financial Services (MetroBank, ICAP, EBLF) · Telecommunications
Critical National Infrastructure · NHS & Central Government
Commercial Enterprise · SaaS & Cloud Platforms

"Security is not a product, but a process - and I've been in that process longer than most frameworks have existed."

All tools and PoCs published here are intended for authorised security testing and research only.



