Ebere Orisi
Security awareness, OSINT investigations, and web security.
I work across three connected areas of security: teaching people to spot attacks, investigating the people behind them, and securing the systems they target. With about six years in information security, my background spans penetration testing, security awareness education, and open-source intelligence. I co-founded Ocynt, build and run phishing-simulation programmes, and report real vulnerabilities along the way.
At Hailbytes I ran phishing-simulation and security-awareness programmes, helped build the cloud infrastructure behind them, and turned the results into training people could actually use.
A lot of that work became public teaching. Our cloud-security and phishing guides have passed 500,000 blog reads and 100,000+ video views.
Building a Safer Digital Society
Ocynt · Co-founderI co-founded Ocynt to make the digital space safer for everyday people and small businesses. We equip SMEs with the resources to protect their digital assets, and we use open-source intelligence to locate missing persons and track down scammers.
Cybersecurity Training
Tailored cyber training for SMEs, OSINT skills for finding missing persons, and practical security education for people who need it most.
WhoScammedMe
A constantly updated, community-driven scam database. Look something suspicious up and confirm for yourself before you get burned. We built it so people can track and report scams.
Visit whoscammed.meFinding Missing People
We run programmes that apply open-source intelligence to help locate missing people and bring information back to the families who need it.
Research & Offensive Security
Creating a Phishing Detection System with DNS Fuzzing
My university final-year project: a Python tool that uses DNS fuzzing to detect phishing and brand impersonation before attacks land. Typosquatting is one of the most common tricks in phishing, where attackers register misspelled lookalike domains. The tool reverse-engineers that technique to generate and monitor the domains an attacker would likely use, so organisations can catch impersonation early. It works as a foundation for continuous phishing and brand-abuse monitoring, and the video shows the practical process of detecting and fighting these attacks in your own organisation.
CVE-2022-23904
A CSRF vulnerability I discovered in AuctionWorx (below 3.1R2), letting an authenticated user escalate to admin on one of the most widely used auction platforms.
View on NVD PlaylistOffensive Security & Pentest Tutorials
A practical series on offensive security techniques and penetration testing, from tooling to exploitation.
Watch on YouTube PlaylistOPSEC Training
Operational security fundamentals for staying safe and deliberate while doing investigative and offensive work.
Watch on YouTube WritingWeb3 Security Research
Research and writing on blockchain, DeFi, and smart-contract security. I authored several posts on the Failsafe blog in 2025.
Read on FailsafeAs a security engineer and developer I harden live web platforms and the data behind them. The work covers WAF rule design and tuning, bot mitigation, system hardening, and security testing, keeping protections tight enough to stop attackers without breaking legitimate traffic. Recent work includes building and securing a scalable platform and database handling roughly 2,500 RF products for clients in the U.S. defense industry, with controlled access and data integrity treated as hard requirements.
Background & Recognition
- Education
- BSc, Cyber Security Air Force Institute of Technology (AFIT), Kaduna. 2018 to 2023.
- Certifications
- PNPT In progress OSIP In progress
- Recognition
- Netgear Arlo Bug Bounty Hall of Fame, 2018 CVE-2022-23904 (AuctionWorx). Over 750,000 views and 500,000 blog reads across my security teaching.
- Music
- I produce music and teach production as osirusmusic, with several albums and projects created for artists, over 180 tutorials, and 500,000+ views. osirusmusic.com