Welcome to my blog. I’m currently a red team engineer from Pittsburgh and mainly conduct web-application and network penetration tests. I have also been in the Pennsylvania Army National Guard since 2016. After-hours, I have an interest malware dev, threat intelligence, CTF’s, and research.
This blog will serve as a home for all personal projects, writeups, and other things I find interesting within the field of cyber.
Presentations
- Pittsburgh Hacker’s Association - Analysis of CVE 2021-40444: MSHTMHell
CVE’s
- CVE CVE-2023-24158: Wallpaper Engine - DLL Search Order Hijacking
- CVE-2020-12800: WordPress “Drag and Drop Multiple File Upload” 1.3.3.2 - Unauthenticated Remote Code Execution
- You can try it out here: Pentester Academy Lab
- Exploit DB
- Metasploit Module
Open-Source Projects
- BadBird C2
- A novel C2 project that uses the canarytokens.org platform for command and control.
- Github Repo
- Canary Token Blogpost
- PhishBook
- A Burp Suite extension that allows you to gather and store email addresses to be used in phishing campaigns.
- Will be released soon.
Yara Rules
Other Publications
Certifications
Certs are not the end-all-be-all in the field of infosec. However, I’ve been fortunate enough to have employers who have financially supported me in obtaining the following:
- GXPN - GIAC Exploit Researcher and Advanced Penetration Tester
- OSEP - Offensive Security Experienced Pentester
- OSCP - Offensive Security Certified Professional
- eCPTXv2 - eLearnSecurity Certified Penetration Tester eXtreme
- CRTL - Certified Red Team Lead
- CRTO - Certified Red Team Operator
- CTRE - Certified Red Team Expert
- Burp Suite Certified Practitioner
- PNPT - Practical Network Penetration Tester
- CESC - Certified Experienced Security Consultant
- Pentest+ (Expired)
- Magnet Certified Forensic Examiner (expired)
Education
- The University of Pittsburgh class of 2019
Please feel free to reach out to me on Twitter, LinkedIn, or email directly at amartin@amartinsec.com.