Hack.
Exploit.
Sell.
Cybersecurity research, writeups & PoCs — plus tech services and a gear shop for the security community. All from one platform.
Penetration testing, security audits, staff training — for SMEs, SACCOs, schools and businesses.
Pentest · Audit · Training
Website design, CCTV, WiFi setup, Google Business, IT support and computer repair.
Websites · CCTV · IT Support
Laptops, Flipper Zero, pentest tools, networking gear and KnightSec merch. M-Pesa accepted.
Laptops · Flipper Zero · Tools
Latest Research & Walkthroughs
Technical breakdowns of CTF challenges, HTB machines and real-world vulnerabilities. Active machine writeups are locked until retirement.
Kobold — HackTheBox Writeup (Linux, Easy)
Subdomain enumeration reveals MCPJam v1.4.2 vulnerable to unauthenticated RCE via CVE-2026-23744. A base64-encoded reverse shell bypasses filtering, and docker group access lets us mount the host filesystem to read root's flag.
Interpreter — HackTheBox Writeup (Linux, Medium)
CVE-2023-43208 gives unauthenticated RCE on Mirth Connect 4.4.0 via Java deserialization. DB credentials lead to a PBKDF2 hash crack for SSH as sedric, then an SSTI in a Flask notif service running as root closes the chain.
VariaType — HackTheBox Writeup (Linux, Medium)
An exposed .git directory leaks hardcoded credentials, two CVEs in font processing libraries chain together for RCE as www-data then steve, and a sudo misconfiguration in setuptools lets you write an SSH key directly to /root/.ssh/authorized_keys.
3 writeups published · 5 locked
All writeups →
Cybersec Intel, PoCs & Research
Weekly CVE breakdowns, threat intel, PoC exploits and security research that actually matters.
3 posts published
All posts →
Security Services
Professional penetration testing, security audits and awareness training for businesses across Kenya.
Digital Security Health Check
Network scan, WiFi assessment, password policy review, phishing check — with a full written report.
SME Security Audit
Full audit: email security, data protection compliance, vulnerability assessment, social engineering test + staff training.
Monthly Security Retainer
Monthly scan, incident response support, staff updates, priority WhatsApp support. Peace of mind, ongoing.
Staff Awareness Workshop
3-hour session: phishing, password hygiene, WhatsApp scams, safe browsing, Kenya Data Protection Act basics.
Web Application Pentest
Full OWASP Top 10 assessment on your web app or API. Detailed report with CVSS ratings and remediation steps.
IoT / Device Security Review
Hardware and firmware security assessment for connected devices. ECE-grade — your hardware, properly audited.
Tech Services
Websites, Google Business, CCTV, WiFi networks, IT support and computer repair for local businesses and homes.
Professional 5-page business site — mobile ready, fast, SEO-optimised.
Get found on Google Maps. Setup, photos, reviews, optimisation.
Camera installation, DVR/NVR config, remote viewing setup for homes and offices.
Fast, secure WiFi setup for homes, shops, hotels and offices.
| Service | Price (KSH) | Delivery | Book |
|---|---|---|---|
| Basic business website (5 pages) | 15,000 – 25,000 | 3–5 days | WhatsApp → |
| Google Business Profile setup + optimization | 3,500 | 1–2 hours | WhatsApp → |
| Domain + hosting setup + email | 5,000 | 1 day | WhatsApp → |
| CCTV installation consultation + setup | 8,000 – 15,000 | 1 day | WhatsApp → |
| WiFi network setup (homes, offices) | 5,000 – 10,000 | Half day | WhatsApp → |
| IT support retainer (monthly) | 5,000 – 8,000/mo | Ongoing | WhatsApp → |
| Social media page setup + branding | 4,000 | 1 day | WhatsApp → |
| Computer repair / maintenance | 2,000 – 4,000 | Hours | WhatsApp → |
Gear & Hardware
Pentest tools, refurbished laptops, networking gear and KnightSec merch. Ships from Kenya. M-Pesa accepted.
Flipper Zero
Multi-tool for pentesters. Sub-GHz, NFC, IR, iButton, BadUSB.
ThinkPad X/T Series (Refurb)
i5/i7 · 8–16GB RAM · 256–512GB SSD · Linux-ready · tested & cleaned.
Alfa WiFi Adapter (AWUS036ACH)
Dual-band · monitor mode · packet injection · Kali Linux compatible.
Raspberry Pi 4 Kits
4GB/8GB · with case, power supply, SD card preloaded with Kali/Raspbian.
USB Rubber Ducky
HID attack tool · custom payload injection · Hak5 original.
CCTV Camera Bundles
2MP / 4MP IP cameras · NVR kits · night vision · remote viewing.
TP-Link Switches + PoE Gear
5/8/16 port managed & unmanaged · PoE options for CCTV and VoIP setups.
KnightSec Merch
Hoodies, t-shirts, stickers, mugs — KnightSec branded. Limited drops only.
M-Pesa accepted · Ships from Kenya · 7-day return policy · WhatsApp on file in Contact
Who's Behind KnightSec

ECE graduate turned full-time penetration tester. I build things, break things, and document both. My hardware background gives me an edge in low-level exploitation, network security and IoT/firmware pentesting — areas most security professionals don't touch.
Running KnightSec as a cybersecurity and tech services platform serving SMEs, SACCOs and schools upcountry. Achieved CJCA (March 2026) and grinding for CPTS (December 2026). Every writeup here is real. No filler.
Let's Work Together
Open to remote pentest roles, freelance security audits, tech services and product enquiries. Based in Kenya — working globally.
Pentest, security audit, staff training, incident response.
Website, CCTV, WiFi, Google Business, IT support.
Laptops, Flipper Zero, pentest gear, networking hardware.
