Skip to content
You must be logged in to sponsor Concinnity-Risks
Become a sponsor to Concinnity Risks

We have some code for finding cryptocurrency address in ransomware, and doing financial forensics. We like finding vulnerabilities and being able to publish our work. We're a little tired of NDAs preventing a more consumer rights approach to security and privacy testing. So if you would like to see us find vulnerabilities and publish them under a gentle coordinated disclosure, we are open to suggestions. We like Android and networking equipment assessments especially.

We're people who like to work from home, and play with technology. We think writing good code, being good parents, and enjoying a slower lifestyle aren't incompatible. You're as likely to find us out foraging while we structure our thoughts around a problem as you are with our fingers on the keyboards.

Technology excites us, but it isn't usually the solution. We love to tinker, play, expand, and subvert technologies, but we also like people, books, and gardens. Balancing these things make us happy, and we are grateful for the chance to do the work we love.

We like projects chasing corporate corruption, and defunding anti-human behaviours. We aspire to write code for visualising financial inequality, and combating personal debt (especially student debt). We also like cryptocurrency projects and new creative economic models that sustain financial intimacy for small collectives.

Your sponsorship allows us to deviate more from the kinds of projects that are short sighted. It gives us the ability to do things that aren't profit driven, and that have a longer term vision. For example, documenting and curating the ransoms of ransomware was slow, and didn't produce a profit for a year or so. However, it did help build cyber risk models which now help people manage the risk more effectively. Another example is that penetration testing of consumer devices is time consuming and expensive, but why shouldn't the results be more publicly available after they are done (and fixed)? We'd love to do some crowdfunded security assessments, instead of working for one large customer under NDA. It changes the focus of the testing, and we think that has value.


We can do bug fixes for RansomCoinPublic. We can also spend more time documenting it well, which often gets ignored at the moment for other paid work.

Featured work

  1. Concinnity-Risks/RansomCoinPublic

    A DFIR tool to extract cryptocoin addresses and other indicators of compromise from binaries.

    Python 57
  2. Concinnity-Risks/LogisticalBudget

    This project contains code for comparing or ranking APT capabilities and operational capacity. The metrics are meant to quantify, rank, order, compare, or visualise quickly threat actors demonstrat…

    Python 36

0% towards $200 per month goal

Be the first to sponsor this goal!

Select a tier

$ a month

Choose a custom amount.

$50 a month


We commit to regularly fix issues on our current repositories. One issue a month, and better documentation over time.

$200 a month


We can make our tools much easier to install and use on multiple operating systems. We can regularly fix issues and tackle refactoring for security issues. We can also maintain our MISP server for people who cannot afford to run one of their own. This includes many people who need better security tools, but cannot pay standard industry rates, such as charities, not for profits, hackerspaces, and activists.

$500 a month


We can make python packages of some of our tools, and begin a regular release pattern. A variety of regular assurance tests can be constructed to maintain quality. We would commit to monthly reviews of issues and quarterly releases. Sponsors at this level can signal which project and issues they would like prioritised.

$1,000 a month


Regular access to new malware allows our tooling to be regularly improved, but also some of our data sets. One of the big challenges to writing tools for malware is both performance and error handling. It should be fast and efficient, and faster tooling means more data. It is equally important to be able to robustly handle deliberately poorly formatted files. This is why a feed of fresh malware is important to developing tooling for malware analysis.

$2,000 a month


At this tier we can scope a cyber risk metrics project of based on popularity. In a similar manner to our proven track record we can write code to sift through datasets large or small. We can deploy that code and host the data for others to use. This means that custom cyber risk metrics could be created for any organisation to use, regardless of their ability to afford it.

$3,000 a month


A custom ransomware model could be created within the Oasis Loss Modelling Framework.

This would be usable for any SMEs that wanted to quickly and accurately assess their potential losses from ransomware.

$4,000 a month


As an organisation we can pay developers regularly monthly wages for open source code that helps record cyber harms or produces data that helps measure cyber risk. This would allow us to continually innovate new cyber risk metrics and engage with different communities to check that they are useful, relevant, and timely.

The goal would be to spend more of our time innovating, and less of our time publishing the metrics and measures. In other words, we can automate the updates of metrics, and focus more of our time on understanding the impacts of security and privacy failures.