Skip to content
View njeru-codes's full-sized avatar

Organizations

@SpaceyaTech @Durrafx-repos

Block or report njeru-codes

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
njeru-codes/README.md
Typing SVG

Portfolio LinkedIn HackerOne Email


whoami

$ cat profile.txt

Offensive Security Engineer and Penetration Tester based in Nairobi, Kenya.
Expertise in bug bounty research, vulnerability & malware research, and red team operations.
I find the gaps before attackers do β€” then help organizations close them for good.

Currently serving as Cyber Security Engineer @ Durrafx and Information Security Engineer @ Foresight Tech Group, while running active bug bounty research on HackerOne. Member of the Kenya Cyber Security and Forensic Association.


πŸ”­ Currently

  • πŸ”΄ Red teaming payment & authentication platforms at Durrafx
  • πŸ› Hunting bugs across web, API, and mobile targets on HackerOne
  • πŸ” SOC operations & log analysis at Foresight Tech Group
  • πŸ“– Deepening expertise in mobile app security and malware analysis

πŸ›  Skills & Tools

Offensive
Penetration Testing Red Teaming Bug Bounty Vulnerability Research Malware Analysis Social Engineering

Domains
Web Security API Security Mobile Security Network Security Financial Systems

Frameworks & Standards
OWASP PTES PCI-DSS MITRE ATT&CK

Languages & Tools
Python Go Bash Burp Suite Docker Metasploit Wireshark Nmap SIEM

Defensive
Log Analysis Incident Response Threat Modeling IDS/IPS Secure Code Review


πŸ“Š GitHub Stats

activity-graph

stats langs

trophy graph

πŸ“Œ Featured Projects

Project Description Stack
ARP ARP spoofing tool β€” intercepts DNS traffic and exfiltrates to a remote server Python, Scapy
PhoneBook-Vault All possible Kenyan phone number combinations for OSINT/recon use Data
Note-Weave Minimal, elegant note-taking app JavaScript

πŸ–ŠοΈ Writeups & disclosures coming soon β€” follow to stay updated.


🀝 Let's Work Together

$ cat availability.txt

βœ“ Open to penetration testing engagements
βœ“ Available for red team operations  
βœ“ Bug bounty collaborations welcome
βœ“ Security consulting & advisory

πŸ“¬ Reach me at njerumtwaiti@proton.me or connect on LinkedIn.


"unlocking the undetectable."

profile views

Pinned Loading

  1. ARP ARP Public

    Always Reading Packets (A.R.P) is ARP spoffing tool using Scapy to intercept DNS traffic and exfiltrate it to a remote server

    CSS 1

  2. PhoneBook-Vault PhoneBook-Vault Public

    This repository contains a collection of all possible combinations of Kenyan phone numbers

    1

  3. Note-Weave Note-Weave Public

    a simple, elegant note-taking app built for everyday use. Just start writing

    JavaScript