> Who I Am

I'm Aaron Moorcroft, known online as CyberZombi3. First and foremost, I'm a security researcher and penetration tester — my day-to-day headspace is offensive security: enumeration, exploitation, and working out how an attacker would actually get in. Everything else on this site grows out of that. I write my own recon tooling because I've felt the pain of doing it by hand, and I build AI agents because I want them handling the repetitive parts of a pentest, not because I set out to be a software engineer.

Outside of hands-on pentesting work, I like understanding systems all the way down to the metal — which is why I've also written an operating system from scratch, and why I run my own home SOC lab to see attacks from the defender's side as well as the attacker's.

> What I Do

Penetration testing & offensive security — hands-on enumeration, exploitation, and reporting, sharpened through structured training and a lot of lab boxes. The same instincts that drive that work are what led me to build my own recon tooling instead of relying purely on off-the-shelf scripts.

AI agents for security work — I'm far more interested in agents that take real, verifiable actions than in chatbots. My AI Pentest Agent plans and runs its own enumeration against a target; JARVIS is a fully local voice assistant that controls my Mac directly with no cloud round-trip; and Agent Commerce is a multi-agent pipeline where nine separate agents hand work off to each other to take a product from an idea to a finished listing. Local models (Ollama/Gemma, DeepSeek, Whisper) by default, with Claude as an optional upgrade where quality matters more than running fully offline.

Blue team / detection engineering — a self-hosted SOC lab combining a SIEM, IDS, honeypot, and threat-intel stack to practice detection and incident response from the defender's side.

Systems programming — low-level work including a custom x86 operating system written from scratch: bootloader, protected mode, a window manager, and networking.

iOS development — SwiftUI apps and games, usually with a cyberpunk aesthetic and a lot of attention paid to feel and feedback (haptics, sound, animation).

> Background

I've been a professional Penetration Tester at Vodafone Group UK since 2022, scoping and running infrastructure and web application tests, delivering the findings and CVSS scoring back to the business, and coordinating third-party pentest suppliers alongside the secure-by-design team.

Before that, I spent five years as a Cyber Security Operational Analyst at ReAssure, working blue team and purple team: building out SIEM capability with Splunk, running vulnerability management with Nessus, building a detection framework against the MITRE ATT&CK model, and running purple team exercises alongside an external pentest partner. And before that, over a decade in IT infrastructure and 3rd-line engineering — Windows Server, VDI, messaging, service desk — which is exactly the hands-on systems background that still shows up in projects like CyberOS and the SOC Lab today.

> Certifications

HTB CPTS eCPPTv2 PNPT CRTA HTB Pro Labs — Dante HTB Pro Labs — Offshore CISMP AWS Certified Cloud Practitioner ITIL v3

Alongside those, I've worked through a long list of additional offensive security training — SANS 560 & 504, OffSec's PEN-200 and WEB-200, Mandiant's Creative Red Teaming and Windows Enterprise Incident Response courses, TCM Security's Practical Ethical Hacker and OSINT Fundamentals, and VHL's Virtual Hacking Labs — and I'm currently working towards Zeropoint Security's RTO.

> Tools & Technologies

Python Swift / SwiftUI x86 Assembly C Nmap Docker FastAPI Ollama / Local LLMs Splunk Nessus Wazuh / Suricata Bash

> About This Site

This site is where I write up the projects I build, how they work, and what I learned putting them together. It's updated whenever something new is worth sharing.

> Get In Touch

Best way to reach me is email. Links to my other profiles are below and in the footer.

Email Me GitHub LinkedIn