My name is Wojciech and I am an experienced Systems Engineer, Pentester, Security Analyst and OSINT researcher. During my professional career as a cyber security expert, I provided analysis for companies across Europe.

I took part in many projects for big corporations as well as startups. I have made lot of open source project for OSINT community

I am also seeking any kind of cooperation full/part time employment or freelance.

By providing tutorials and sharing knowledge I hope to partially cover my medical bills. If you like my work and use my tools, please donate.

Tools

Kamerka - 1,1k stars (Archived)

woj-ciech/kamerka
Build interactive map of cameras from Shodan. Contribute to woj-ciech/kamerka development by creating an account on GitHub.

Kamerka GUI

woj-ciech/Kamerka-GUI
Ultimate Internet of Things/Industrial Control Systems reconnaissance tool. - woj-ciech/Kamerka-GUI

LeakLooker - 980 stars

woj-ciech/LeakLooker
Find open databases - Powered by Binaryedge.io. Contribute to woj-ciech/LeakLooker development by creating an account on GitHub.

LeakLooker X GUI

woj-ciech/LeakLooker-X
LeakLooker GUI - Discover, browse and monitor database/source code leaks - woj-ciech/LeakLooker-X

Danger Zone - 600 stars

woj-ciech/Danger-zone
Correlate data between domains, IPs and email addresses, present it as a graph and store everything into Elasticsearch and JSON files. - woj-ciech/Danger-zone

You can find all repositories on my Github page.

woj-ciech - Overview
woj-ciech has 15 repositories available. Follow their code on GitHub.

During my cyber security research I helped a lot of companies regarding data leaks or vulnerabilities following responsible disclosures.

Media coverage

This Tool Shows Exposed Cameras Around Your Neighbourhood
Through a novel marrying of different tools, Kamerka can take an address, landmark, or coordinates and display exposed internet connected cameras on a map.
Contractor breach exposes 50k Aussie govt, bank staff records
Exclusive: lncludes credit card numbers, salaries.
Kamerka OSINT tool shows your country’s internet-connected critical infrastructure | ZDNet
Kamerka lets you see what a hacker sees. It plots maps with SCADA equipment, webcams, and printers that have been left exposed on the internet inside any given country.
Researcher Shows How Adversaries Can Gather Intel on U.S. Critical Infrastructure | SecurityWeek.Com
A researcher has developed and open source intelligence (OSINT) to show how easy it is for adversaries to gather intelligence on critical infrastructure in the United States.
Security | Unsplash
Do-whatever-you-want free HD photos. Gifted by the world’s most generous community of photographers.

Conferences

  • Industrial Control Systems (ICS) Cyber Security Conference, Atlanta, Georgia, United States - Intelligence Gathering on U.S. Critical Infrastructure
Intelligence Gathering on U.S. Critical Infrastructure
  • x33fcon 2020 - Hack the Planet with Kamerka (Only invitation - I didn't participate in online event)

https://www.x33fcon.com/#!s/wojciech.md

Achievements

  • Followed responsible disclosure to report government leak to Australian Cyber Security Center, affected companies: Australian Electoral Commission, AMP Limited, Australian Department of Finance, National Disability Insurance Scheme Australia, Rabobank and UGL Limited. Full story below
How I Discovered 50k Australian Bank & Government Records
Originally published on October 29th, 2017 TL;DR With help of AWS3dump and my poor coding skills I found database backups from 2016, on public amazon storage containing 1470 records from AEC (Australian Electoral Commission), 3000 from Australian Department of Finance, 300 from NDIS (National Disab…
  • Cooperated with CERTs across the world regarding safety of ICS in critical infrastructure
Journey over unsecured IoT devices with Kamerka — RTSP and MQTT.
Introduction In previous versions of Kamerka you could visualize cameras, social media photos, printers or Industrial Control Systems of any country. Now two more services have been added. First of them is MQTT (Message Queue Telemetric Transport) which is widely used to manage IoT (Internet of Thi…
Offensive OSINT s01e04 - Intelligence gathering on critical infrastructure in Southeast Asia
This is the second part of my investigation into critical infrastructure around the world. This article should have been a presentation on ICS Conference in Singapore, however due to Coronavirus it will be a virtual event. I’m not interested in participating and I have left with quite good material …
  • Reported PII leaks to many organizations - for example, FraudWrangler 13 millions of orders contain blurred credit card data and personal information.
LeakLooker part 3 — DNA samples, internal files and more
From now, LeakLooker supports Cassandra and Rethink databases and directory listing. It has been rewritten and uses completely new engine — Binaryedge.io. Article covers different types of leaks — targeted, mass and cloud. It also presents data you can find with help of the tool. Notice: I’m not bl…
LeakLooker GUI — Discover, browse and monitor database/source code leaks.
Detecting leaks has never been easier, new LeakLooker app gives you clean interface to discover, browse and monitor different kind of leaks from many sources. It uses Binary Edge as a discover source and Python, Django, Ajax, Jquery, CSS for web application. I will present how to use it, get best re…
  • Closed and reported child abuse distribution network to law enforcement agency.
Offensive OSINT s01e02 - Deobfuscation & Source code analysis + uncovering CP distribution network
In this episode, we will take a look on obfuscated javascript code which is actively used in CP campaign, from at least 2018, and on whole distribution process that’s also obfuscated by pretending legit files. As a source code analysis example, I will present very brief analysis of known coinminer …
  • Wrote article about election related misinformation for one of the biggest security portal in Poland
Jak analizować akcje dezinformacji na przykładzie użytkowników portalu Wykop.pl
  • Identified, investigated and reported leak related to APT campaign, which used China Chooper, attacking Royal Malaysia Police, Ministry of Foreign Affairs of the Republic of Indonesia and Malaysian Anti-Corruption Commission.

NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems.

NSA and CISA Recommend Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems | CISA
Note: This Activity Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise and ATT&CK for Industrial Control Systems frameworks for all referenced threat actor techniques and mitigations.
Shodan,[2] Kamerka [3], are creating a “perfect storm” of 1) easy access to unsecured assets, 2) use of common, open-source information about devices, and 3) an extensive list of exploits deployable via common exploit frameworks [4] (e.g., Metasploit,[5] Core Impact,[6] and Immunity Canvas [7])

Social Media/Platforms

Wojciech (@the_wojciech) | Twitter
De nieuwste Tweets van Wojciech (@the_wojciech): “I’ve made a GUI for LeakLooker, read write-up here #osint #cybersecurity #privacy #leak #hacking https://t.co/QvjSLat0lI”
Wojciech – Medium
Read writing from Wojciech on Medium. twitter.com/@the_wojciech. Every day, Wojciech and thousands of other voices read, write, and share important stories on Medium.
woj-ciech - Overview
woj-ciech has 15 repositories available. Follow their code on GitHub.
HackerOne profile - woj_ciech
Security researcher | OSINT and OPSEC fan | Looking for a job - https://medium.com/@woj_ciech/
woj_ciech on Bugcrowd
View woj_ciech’s researcher profile on Bugcrowd, a platform and team of experts connecting organizations to a global crowd of trusted security researchers.

Contact via Twitter or email bS53b2pjaWVjaEBwcm90b25tYWlsLmNo (base64 encoded)