Hi ๐, I'm Steven, a software developer and offensive security professional based in Scotland ๐ด๓ ง๓ ข๓ ณ๓ ฃ๓ ด๓ ฟ. Below are some of the more interesting repos you will find on my GitHub profile.
- DVUA - Damn Vulnerable Umbraco Application.
- Umbraco.Community.Security.AuthPolicyBrowser - A dashboard to help find broken access controls in Umbraco applications.
- fr1end1y - A starter kit for Umbraco-powered Eleventy sites.
- donutsec.fun - The source code for my blog (built on Eleventy).
- UmbProfile CSRF PoC - Proof of concept for a cross-site request forgery in Umbraco member profiles.
- UmbRegister-Spoofer - A Python script to create arbitrary members in Umbraco by exploiting the auto-routed surface controllers that Umbraco ships with.
- Offensive Umbraco: Notes of a Friendly Adversary - June 2021 at the Umbraco Codegarden conference.
- Offensive Umbraco: The Prequel (The Power of XSS) - November 2021 at the Edinburgh Umbraco Users Group meetup.
- Offensive Umbraco Part 3: XSS Weaponisation - April 2023 at Defcon Edinburgh.
- Offensive Umbraco Part 4: Letโs Get Pasted - April 2024 at the Edinburgh Umbraco Users Group meetup.
- Web Hacking 101 - June 2025 at Umbraco Codegarden.
- Blog: DonutSec
- Business: Etive Mรฒr
- Mastodon: @stvnhrlnd@umbracocommunity.social
- LinkedIn: in/stvnhrlnd