Andy Codes Hey, I'm Andy and I'm an Information Security Professional. I focus mainly on offensive security, red team operations and adversary simulations, security research and exploit development.

This page is a collection of topics I've studied and practiced during my transition from software engineering to offensive security, including my notes from a variety of certifications (such as OSCP and OSWA), and cheat sheets I use on a day to day basis as I conduct penetration tests or vulnerability assessments.

The intention is to further expand this page and document new subjects as I gain more knowledge and experience in security areas.

As for the transition to the infosec, I've documented the whole journey on my personal blog - stop by and have a look.

Latest Blog Posts

2024-01-17 - Getting a Black Belt in Wi-Fu - OWSP Review

2023-11-02 - XSS in NASAs Open MCT v3.0.2 - data exfiltration

2023-10-19 - My Journey to Finding My First 0day/CVE

2023-10-13 - Yamcs Vulnerability Assessment

2023-10-12 - Prototype Pollution in NASAs Open MCT CVE-2023-45282

2023-08-05 - How I Failed OSWA Exam

2023-07-23 - Mid-career Transition to Infosec 0x07

2023-03-19 - Mid-career Transition to Infosec 0x06

2023-01-16 - Mid-career Transition to Infosec 0x05

2023-01-12 - ADwalk: simple PowerShell script to enumate Active Directory

2022-12-20 - clif: simple command-line application fuzzer

2022-12-12 - nansi: simple tool for task automation

2022-09-01 - Mid-career Transition to Infosec 0x04

2022-08-10 - Mid-career Transition to Infosec 0x03

2022-04-27 - Mid-career Transition to Infosec 0x02

2022-03-10 - Mid-career Transition to Infosec 0x01