About

Welcome to my blog. I’m currently a red team engineer from Pittsburgh and mainly conduct web-application and network penetration tests. I have also been in the Pennsylvania Army National Guard since 2016 and am currently the deputy team chief for the state’s cyber team. After-hours, I have an interest malware dev, threat intelligence, CTF’s, and research.

This blog will serve as a home for all personal projects, writeups, and other things I find interesting within the field of cyber.

Presentations

Pittsburgh Hacker’s Association - Analysis of CVE 2021-40444: MSHTMHell

CVE’s

CVE CVE-2023-24158: Wallpaper Engine - DLL Search Order Hijacking
CVE-2020-12800: WordPress “Drag and Drop Multiple File Upload” 1.3.3.2 - Unauthenticated Remote Code Execution
- You can try it out here: Pentester Academy Lab
- Exploit DB
- Metasploit Module

Open-Source Projects

BadBird C2
- A novel C2 project that uses the canarytokens.org platform for command and control.
- Github Repo
- Canary Token Blogpost
PhishBook
- A Burp Suite extension that allows you to gather and store email addresses to be used in phishing campaigns.
- Will be released soon.

Yara Rules

Some Yara Rules.

Other Publications

Maze Ransomware

Certifications

Certs are not the end-all-be-all in the field of infosec. However, I’ve been fortunate enough to have employers who have financially supported me in obtaining the following:

Education

The University of Pittsburgh class of 2019

Please feel free to reach out to me on Twitter, LinkedIn, or email directly at amartin@amartinsec.com.