My name is Wojciech and I am an experienced Systems Engineer, Pentester, Security Analyst and OSINT researcher. During my professional career as a cyber security expert, I provided analysis for companies across Europe.
I took part in many projects for big corporations as well as startups. I have made lot of open source project for OSINT community
I am also seeking any kind of cooperation full/part time employment or freelance.
Tools
Kamerka - 1,1k stars (Archived)
woj-ciech/kamerka
Build interactive map of cameras from Shodan. Contribute to woj-ciech/kamerka development by creating an account on GitHub.
woj-ciech
Kamerka GUI
woj-ciech/Kamerka-GUI
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. - woj-ciech/Kamerka-GUI
woj-ciechLeakLooker - 980 stars
woj-ciech/LeakLooker
Find open databases - Powered by Binaryedge.io. Contribute to woj-ciech/LeakLooker development by creating an account on GitHub.
woj-ciechLeakLooker X GUI
woj-ciech/LeakLooker-X
LeakLooker GUI - Discover, browse and monitor database/source code leaks - woj-ciech/LeakLooker-X
woj-ciechDanger Zone - 600 stars
woj-ciech/Danger-zone
Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files. - woj-ciech/Danger-zone
woj-ciechYou can find all repositories on my Github page.
woj-ciech - Overview
woj-ciech has 15 repositories available. Follow their code on GitHub.
During my cyber security research I helped a lot of companies regarding data leaks or vulnerabilities following responsible disclosures.
Media coverage
This Tool Shows Exposed Cameras Around Your Neighbourhood
Through a novel marrying of different tools, Kamerka can take an address, landmark, or coordinates and display exposed internet connected cameras on a map.
Joseph Cox
Contractor breach exposes 50k Aussie govt, bank staff records
Exclusive: lncludes credit card numbers, salaries.
Kamerka OSINT tool shows your country’s internet-connected critical infrastructure | ZDNet
Kamerka lets you see what a hacker sees. It plots maps with SCADA equipment, webcams, and printers that have been left exposed on the internet inside any given country.
Catalin Cimpanu
Researcher Shows How Adversaries Can Gather Intel on U.S. Critical Infrastructure | SecurityWeek.Com
A researcher has developed and open source intelligence (OSINT) to show how easy it is for adversaries to gather intelligence on critical infrastructure in the United States.
Security | Unsplash
Do-whatever-you-want free HD photos. Gifted by the world’s most generous community of photographers.
Unsplash
Conferences
- Industrial Control Systems (ICS) Cyber Security Conference, Atlanta, Georgia, United States - Intelligence Gathering on U.S. Critical Infrastructure
Intelligence Gathering on U.S. Critical Infrastructure
- x33fcon 2020 - Hack the Planet with Kamerka (Only invitation - I didn't participate in online event)
https://www.x33fcon.com/#!s/wojciech.md
Intelligence gathering on critical infrastructure In Southeast Asia.
Offensive OSINT s01e04 - Intelligence gathering on critical infrastructure in Southeast Asia
This is the second part of my investigation into critical infrastructure aroundthe world. This article should have been a presentation on ICS Conference inSingapore, however due to Coronavirus it will be a virtual event. I’m notinterested in participating and I have left with quite good material …
Wojciech
Achievements
- Followed responsible disclosure to report government leak to Australian Cyber Security Center, affected companies: Australian Electoral Commission, AMP Limited, Australian Department of Finance, National Disability Insurance Scheme Australia, Rabobank and UGL Limited. Full story below
How I Discovered 50k Australian Bank & Government Records
Originally published on October 29th, 2017TL;DR With help of AWS3dump and my poor coding skills I found database backups from2016, on public amazon storage containing 1470 records from AEC (AustralianElectoral Commission), 3000 from Australian Department of Finance, 300 from NDIS(National Disab…
- Cooperated with CERTs across the world regarding safety of ICS in critical infrastructure
Journey over unsecured IoT devices with Kamerka — RTSP and MQTT.
IntroductionIn previous versions of Kamerka you could visualize cameras, social mediaphotos, printers or Industrial Control Systems of any country. Now two moreservices have been added. First of them is MQTT (Message Queue Telemetric Transport) which is widely usedto manage IoT (Internet of Thi…
Offensive OSINT s01e04 - Intelligence gathering on critical infrastructure in Southeast Asia
This is the second part of my investigation into critical infrastructure aroundthe world. This article should have been a presentation on ICS Conference inSingapore, however due to Coronavirus it will be a virtual event. I’m notinterested in participating and I have left with quite good material …
- Reported PII leaks to many organizations - for example, FraudWrangler 13 millions of orders contain blurred credit card data and personal information.
LeakLooker part 3 — DNA samples, internal files and more
From now, LeakLooker supports Cassandra and Rethink databases and directorylisting. It has been rewritten and uses completely new engine — Binaryedge.io.Article covers different types of leaks — targeted, mass and cloud. It alsopresents data you can find with help of the tool. Notice: I’m not bl…
LeakLooker GUI — Discover, browse and monitor database/source code leaks.
Detecting leaks has never been easier, new LeakLooker app gives you cleaninterface to discover, browse and monitor different kind of leaks from manysources. It uses Binary Edge as a discover source and Python, Django, Ajax,Jquery, CSS for web application. I will present how to use it, get best re…
- Closed and reported child abuse distribution network to law enforcement agency.
Offensive OSINT s01e02 - Deobfuscation & Source code analysis + uncovering CP distribution network
In this episode, we will take a look on obfuscated javascript code which isactively used in CP campaign, from at least 2018, and on whole distributionprocess that’s also obfuscated by pretending legit files. As a source code analysis example, I will present very brief analysis of knowncoinminer …
Offensive OSINT s02e08 - Gathering data from different sources
This is the material, I’ve been working on since start of this season.We will dodeep dive into rabbit hole of child abuse content distribution network. It is acontinuation of episode from season one titled “OSINT & Deobfuscation” and youcan read it below. Offensive OSINT s01e02 - Deobfuscation &…
Wojciech
- Wrote article about election related misinformation for one of the biggest security portal in Poland
Jak analizować akcje dezinformacji na przykładzie użytkowników portalu Wykop.pl
- Identified, investigated and reported leak related to APT campaign, which used China Chooper, attacking Royal Malaysia Police, Ministry of Foreign Affairs of the Republic of Indonesia and Malaysian Anti-Corruption Commission.
It looks like webmails of Ministry of Foreign Affairs of the Republic of Indonesia @kemlu_ri Royal Malaysia Police and Malaysian Anti-Corruption Commission @sprmmalaysia have been compromised. #leaks #threatintel #infosec #breach #ThreatHunting pic.twitter.com/PcR9bmAO9f
— Wojciech (@the_wojciech) May 10, 2020
NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems.
NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems | CISA
Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations.
Shodan,[2] Kamerka [3], are creating a “perfect storm” of 1) easy access to unsecured assets, 2) use of common, open-source information about devices, and 3) an extensive list of exploits deployable via common exploit frameworks [4] (e.g., Metasploit,[5] Core Impact,[6] and Immunity Canvas [7])
Social Media/Platforms
Wojciech (@the_wojciech) | Twitter
De nieuwste Tweets van Wojciech (@the_wojciech): “I’ve made a GUI for LeakLooker, read write-up here #osint #cybersecurity #privacy #leak #hackinghttps://t.co/QvjSLat0lI”
the_wojciech
Wojciech – Medium
Read writing from Wojciech on Medium. twitter.com/@the_wojciech. Every day, Wojciech and thousands of other voices read, write, and share important stories on Medium.
woj-ciech - Overview
woj-ciech has 15 repositories available. Follow their code on GitHub.
HackerOne profile - woj_ciech
Security researcher | OSINT and OPSEC fan | Looking for a job - https://medium.com/@woj_ciech/
woj_ciech on Bugcrowd
View woj_ciech’s researcher profile on Bugcrowd, a platform and team of experts connecting organizations to a global crowd of trusted security researchers.
Contact via Twitter or email bS53b2pjaWVjaEBwcm90b25tYWlsLmNo (base64 encoded)