Posts

Continuous Phishing Model

The Observation After doing multiple phishing engagements, listening to client feedback, and having a customer pay to build phishing infrastructure for them, I’ve come to the realization that Phishing/Social Engineering pentest should move to a continuous subscription model and not just a point-in-time test. I still think point-in-time phishing engagements are a good thing, but I believe there is a huge value add for the client to phish throughout the year. Over the past couple of weeks, I have been building out the continuous phishing model. It is still in the rough draft stage, but the implementation is going to look like something below.

Friday, February 20, 2026 | 2 minutes Read

2026 Reading List

A curated list of great books I have read this year. Wisdom Takes Work by Ryan Holiday Scoping by Andreas Aaris-Larsen The Mechanical by Ian Tregillis

Friday, February 20, 2026 | 1 minute Read

Basics of Reverse Proxying

The Basics This is some basic info about reverse proxying The Tools These are the tools I use

Saturday, September 20, 2025 | 1 minute Read

Repo Raider

Hey Everyone! Last week, I had the opportunity for growth and development. That is, I get a week to be non-billable and get paid to learn and build tools. An absolute dream. And this particular GDT, I had the opportunity to code! I wrote some code to scan code repositories with trufflehog. The issue arose during a pentest, where I found a Github account with several dozen public code repositories. I wanted to check those repositories, but I didnt want to download each one and run trufflehog against it. So I wrote a script to download each repo in the account and run trufflehog against it. Work smarter, not harder. This repo currently supports Github and Docker. Gitlab support has been included, but I haven’t added it yet. It will be added shortly and I will probably try to combine everything into one script since there is so much code usage. The repo can be found at https://github.com/Cipolone95/RepoMole. Enjoy!

Basic

Thursday, June 26, 2025 | 1 minute Read

Cackalacky Con

This past weekend, I had the opportunity to speak at Cackalacky Con in NC about phishing! It was the perfect opportunity to see some friends and practice my public speaking! This little blog post is about my experience. The Talk: The talk was a 25 minute lightening talk with two LIVE demos! For context, I run most of the phishing engagements at my place of employment so I’ve seen/learned/discovered some things and I wanted to share them with the community. The hardest part was keeping the talk to 25 minutes! Due to the essence of time, I focused on

Basic

Thursday, May 22, 2025 | 2 minutes Read

2025 Reading List

A curated list of great books I have read this year. The Recruiter: A Rick Carter Novel by Gregg Podolski The Subtle Art of Not Giving a F*ck by Mark Manson 33 Days to Eucharistic Glory by Matthew Kelly Beasts of Extraordinary Circumstance by Ruth Emmie Lang Your Inner Fish by Neil Shubin Bullshit Jobs by David Graeber Say Nothing: A Story of Murder and Memory in Northern Ireland by Patrick Radden Keefe The Fish that Ate the Whale: The Life and Times of America’s Banana King by Richard Cohen Ten Lessons for a Post-Pandemic World by Fareed Zakaria Jedi Search by Kevin Anderson (Jedi Academy Trilogy volume 1) Dark Apprentice by Kevin Anderson (Jedi Academy Trilogy volume 2) Slow Productivity: The Lost Art of Accomplishment Without Burnout by Cal Newport Champings of the Force by Kevin Anderson (Jedi Academy Trilogy volume 3) Company of One by Paul Jarvis Right Thing, Right Now by Ryan Holiday Flash Boys by Michael Lewis The Devotion of Suspect X by Keigo Higashino Two Serpants Rise by Max Gladstone The 4-Hour Body by Tim Ferriss Steal Like An Artist - By Autin Kleon

Tuesday, January 7, 2025 | 1 minute Read

2024 Reading List

A curated list of great books I have read this year. Deep Work by Cal Newport The King of Attolia by Megan Whalen Turner A Conspiracy of Kings by Megan Whalen Turner Jesus and the Jewish Roots of the Eucharist by Brant Pitre Thick as Thieves by Megan Whalen Turner Return of the Thief by Megan Whalen Turner The Wisdom of the Bullfrog by William H. McRaven How to Hack like a Legend by Sparc Flow A Darker Shade of Magic by VE Schwab A Gathering of Shadows by VE Schwab A Conjuring of Light by VE Schwab 5 Things with Father Bill by William Byrne Mindset: The New Psychology of Success by Carol Dweck Sickening by John Abramson George Washington’s Secret Six by Brian Kilmeade and Don Yaeger The Premonition: A Pandemic Story by Michael Lewis Trader by Charles de Lint Meddling Kids by Edgar Cantero Children of Blood and Bone by Tomi Adeyemi Boneshaker by Cherie Priest

Sunday, January 7, 2024 | 1 minute Read

2023 Reading List

A curated list of great books I have read this year. Your Money Or Your Life by Vicki Robin and Joe Dominguez Wild at Heart by John Eldredge Your Brain on Porn by Gary Wilson The Cuckoo’s Egg by Cliff Stoll Leave Only Footprints by Conor Knighton S Street Rising: Crack, Murder, and Redemption in DC by Ruben Castaneda Discipline is Destiny by Ryan Holiday Star Wars: Dark Force Rising by Timothy Zahn Star Wars: Tarkin by James Luceno CISSP – Official Study Guide by Mike Chapple, James Stewart, Darril Gibson The Premonition by Michael Lewis Star Wars: The Last Command by Timothy Zahn The Alchemist by Paulo Coelho A is for Alibi by Sue Grafton The Thief by Megan Whalen Turner The Queen of Attolia by Megan Whalen Turner

Sunday, January 1, 2023 | 1 minute Read

2022 Reading List

A curated list of great books I have read this year. Little House in the Big Woods by Laura Ingalls Wilder Plan of Life by Roger J. Landry Total Money Makeover by Dave Ramsey Your Money Or Your Life by Vicki Robin and Joe Dominguez Courage is Calling by Ryan Holliday Little House on the Prairie by Laura Ingalls Wilder Farmer Boy by Laura Ingalls Wilder Set for Life by Scott Trench Complete Guide to Money by Dave Ramsey Sharpe’s Tiger by Bernard Cornwell Sharpe’s Triumph by Bernard Cornwell Sharpe’s Eagle by Bernard Cornwell Sharpe’s Gold by Bernard Cornwell Harlequin by Bernard Cornwell Bug Bounty Bootcamp by Vickie Li Baby Steps Millionaires by Dave Ramsey Star Wars: Heir to the Empire by Timothy Zahn

Saturday, January 1, 2022 | 1 minute Read

2021 Reading List

A curated list of great books I have read this year. Everyday Millionaires by Chris Hogan Total Money Makeover by Dave Ramsey Why We Sleep by Matthew Walker Turning Pro by Steven Pressfield Deep Work by Cal Newport So Good They Can’t Ignore You by Cal Newport Narconomics: How to Run a Drug Cartel by Tom Wainwright Appalachian Trials by Zach Davis The Dip: A Little Book That Teaches You When to Quit (and When to Stick) by Seth Godin The Obstacle is the Way by Ryan Holiday Homicide: A Year on the Killing Streets by David Simon The Big Short by Michael Lewis The Last Kingdom by Bernard Cornwell Gray Work: Confessions of An American Paramilitary Spy by Jamie Smith Man vs. Markets: Economics Explained by Paddy Hirsch Consecration to St. Joseph by Donald H. Calloway White Fang by Jack London Playing with FIRE by Scott Rieckens The Rule of Saint Benedict by Saint Benedict The Four Agreements by Don Miguel Ruiz

Friday, January 1, 2021 | 1 minute Read

ARTE (AWS Red Team Expert) Review

Hi Everyone! I recent passed the ARTE (AWS Red Team Expert) certification and I wanted to write a short blurb on the course, the exam, and the entire experience. As with most things I say, these thoughts are my own and don’t necessarily reflect those of my employer, HackTricks, my religion, or anybody/anything else. Background: I am a pentester and have done cloud reviews before so some topics were a review for me. Additionally, I have the pentester mindset so I came into the course with the ability to enumerate well, think critically, and know when I am going down a rabbit hole.

Basic

Monday, June 8, 2020 | 3 minutes Read

Introduction

Howdy! This is my little corner of the internet where I post about things. I’m not very good at keeping this updated, but I do cool things sometimes and I like to talk about them in case other people find them cool. I hope you find something cool here. If not, check back again later. Thanks!

Basic

Monday, June 8, 2020 | 1 minute Read