// Portfolio
Things we have built.
We keep most of our client work confidential — but here is what we can share.
ThreatFade
An evasion interception platform that detects C2 quieting, LOTL attacks, and GNSS jamming using behavioural z-score analysis. Validated against 490K+ packets of real Merlin QUIC C2 traffic at z-score 14.76.
- →Python CLI, extensible architecture
- →Validated on real Merlin QUIC C2 PCAPs
- →Detects evasion that bypasses signature tools
- →Currently in private beta
GiftMode
An AI-powered gift recommendation engine built on Next.js and Claude Haiku. Users describe a person and get hyper-personalised gift ideas with direct purchase links. Live with paying users.
Client Work
More projects under NDA
Most of our client work is covered by NDAs. We are happy to discuss our approach, the problems we solve, and our process in a direct conversation.
Start a conversation →// Open source contributions
5 merged PRs. In production. Used globally.
Nuclei — ProjectDiscovery
Nigerian fintech credential detectors merged into the community template library. Our templates now run in automated security scans globally.
Semgrep — Semgrep OSS
Static analysis rules for detecting leaked credentials from Paystack, Flutterwave, and Interswitch. Merged day one. Running in global code scans.
TruffleHog — TruffleSecurity
Secret detection rules for Nigerian fintech APIs. Catches exposed keys before they reach production.
Gitleaks
Git history scanner rules for Remita and Interswitch credentials — unified in the Nigerian Secret Detectors Meta-Repo on PyPI.
Slither — Crytic/Trail of Bits
Smart contract security analysis rules — detecting vulnerability patterns in Solidity code. Contributing to the leading static analysis framework for EVM smart contracts.
All contributions unified in the Nigerian Secret Detectors Meta-Repo — a Python CLI published on PyPI. One command scans all detectors.