Hi 👋, I'm Steven, a software developer and offensive security professional based in Scotland 🏴. Below are some of the more interesting repos you will find on my GitHub profile.
- DVUA - Damn Vulnerable Umbraco Application.
- Umbraco.Community.Security.AuthPolicyBrowser - A dashboard to help find broken access controls in Umbraco applications.
- fr1end1y - A starter kit for Umbraco-powered Eleventy sites.
- donutsec.fun - The source code for my blog (built on Eleventy).
- UmbProfile CSRF PoC - Proof of concept for a cross-site request forgery in Umbraco member profiles.
- UmbRegister-Spoofer - A Python script to create arbitrary members in Umbraco by exploiting the auto-routed surface controllers that Umbraco ships with.
- Offensive Umbraco: Notes of a Friendly Adversary - June 2021 at the Umbraco Codegarden conference.
- Offensive Umbraco: The Prequel (The Power of XSS) - November 2021 at the Edinburgh Umbraco Users Group meetup.
- Offensive Umbraco Part 3: XSS Weaponisation - April 2023 at Defcon Edinburgh.
- Offensive Umbraco Part 4: Let’s Get Pasted - April 2024 at the Edinburgh Umbraco Users Group meetup.
- Web Hacking 101 - June 2025 at Umbraco Codegarden.
- Blog: DonutSec
- Business: Etive Mòr
- Mastodon: @[email protected]
- LinkedIn: in/stvnhrlnd