scumfrog/README.md

Guillermo — Security Architect (Cloud · AppSec · DevSecOps)

20+ years breaking and hardening systems.
Pragmatic by design. Function over form.


About

I approach systems with an offensive mindset: dissect → exploit → harden.

Focused on cloud security architecture (Azure/AWS), DevSecOps, and application security.
I design for real-world failure scenarios, not theoretical models.

I value:

  • Simple, resilient architectures
  • Automation over manual control
  • Security as a system property, not a layer

Core Domains

  • Cloud Security

    • Azure / AWS architecture
    • IAM, Zero Trust, network segmentation
    • Logging, monitoring, detection engineering
  • Application Security

    • Threat modeling
    • Secure design & code review
    • SAST / DAST / SCA integration
  • DevSecOps

    • CI/CD hardening
    • Policy as Code
    • Secure software supply chain

Infrastructure & Platform Engineering

  • Infrastructure as Code

    • Terraform (modular design, reusable secure baselines)
    • Policy enforcement (OPA, Sentinel)
    • Drift detection & state management strategies
  • Containers & Orchestration

    • Docker (image hardening, minimal base images)
    • Kubernetes (RBAC, network policies, pod security, secrets management)
    • Secure workload isolation patterns
  • Platform Security

    • Identity as control plane (IAM-first design)
    • Secrets management (rotation, scoping, vault integration)
    • Network architecture (private endpoints, segmentation, egress control)
  • Observability & Detection

    • Centralized logging pipelines
    • SIEM integration patterns
    • Detection-as-code mindset

Tech Stack

  • Languages

    • Python (automation, security tooling, scripting)
    • Bash / Shell
    • ASM
  • Cloud

    • Azure, AWS
  • Infrastructure

    • Terraform, Docker, Kubernetes
  • Security Tooling

    • SAST / DAST / SCA tools
    • Dependency & supply chain security
    • IAM frameworks and policy engines
  • DevSecOps

    • CI/CD (GitHub Actions, Azure DevOps, etc.)
    • Pipeline security & enforcement

Principles

  • Security is emergent from design, not tooling
  • Complexity is a risk multiplier
  • Automation reduces human attack surface
  • If you can’t detect it, you don’t control it
  • Build systems assuming they will fail

Current Focus

  • Cloud-native security patterns (Azure / AWS)
  • Identity-centric architecture (IAM as control plane)
  • Secure-by-default platform design
  • Detection and response integration in DevSecOps

Contact


Notes

Systems are meant to be tested, broken, and rebuilt stronger.

Pinned

  1. FiberBreak (Public)

    React2Shell Exploitation Tool (CVE-2025-55182)

    Python

  2. bitlocker-com-research (Public)

    Proof of concept demonstrating the use of Windows Elevation Monikers to interact with undocumented Full Volume Encryption (FVE/BitLocker) COM interfaces.

    C 1

  3. shuriken-llm (Public)

    Useful tool for testing indirect injection (RAG), canary extraction, and tool abuse (tool calls) in LLM assistants.

    Python 1

  4. CVE-2025-55130 (Public)

    POC for CVE-2025-55130

    JavaScript

  5. ts-audit (Public)

    Lightweight static analysis for TypeScript projects. Generates interactive HTML reports with complexity metrics, duplicate detection, and dependency mapping. Zero heavy dependencies.

    JavaScript

  6. cve-2026-24061 (Public)

    CVE-2026-24061 PoC

    Python