Hey, I'm Andy and I'm an Information Security Professional. I focus mainly on offensive security, red team operations and adversary simulations, security research and exploit development.
This page is a collection of topics I've studied and practiced during my transition from software engineering to offensive security, including my notes from a variety of certifications (such as OSCP and OSWA), and cheat sheets I use on a day to day basis as I conduct penetration tests or vulnerability assessments.
The intention is to further expand this page and document new subjects as I gain more knowledge and experience in security areas.
As for the transition to the infosec, I've documented the whole journey on my personal blog - stop by and have a look.
Latest Blog Posts
2024-01-17 - Getting a Black Belt in Wi-Fu - OWSP Review
2023-11-02 - XSS in NASAs Open MCT v3.0.2 - data exfiltration
2023-10-19 - My Journey to Finding My First 0day/CVE
2023-10-13 - Yamcs Vulnerability Assessment
2023-10-12 - Prototype Pollution in NASAs Open MCT CVE-2023-45282
2023-08-05 - How I Failed OSWA Exam
2023-07-23 - Mid-career Transition to Infosec 0x07
2023-03-19 - Mid-career Transition to Infosec 0x06
2023-01-16 - Mid-career Transition to Infosec 0x05
2023-01-12 - ADwalk: simple PowerShell script to enumate Active Directory
2022-12-20 - clif: simple command-line application fuzzer
2022-12-12 - nansi: simple tool for task automation
2022-09-01 - Mid-career Transition to Infosec 0x04
2022-08-10 - Mid-career Transition to Infosec 0x03
2022-04-27 - Mid-career Transition to Infosec 0x02
2022-03-10 - Mid-career Transition to Infosec 0x01