Andrew Trexler

Andrew graduated from the University of Pittsburgh with a degree in Information Science where he focused on networking and security. He continued his education by obtaining the Offensive Security Certified Professional (OSCP) and the eLearnSecurity Junior Penetration Tester (eJPT) certifications. When not participating in capture the flag events, Andrew works as a pyrotechnic operator setting up and shooting firework shows in the Pittsburgh area.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

The Exploit articles written by Andrew Trexler

  • Cool Tools Series: Nuclei
    , , ,

    Cool Tools Series: Nuclei for Penetration Tests

     By Andrew Trexler Raxis’ Andrew Trexler shows how useful Nuclei is for network and application penetration tests, discovering vulnerabilities such as default passwords and more. September 10, 2024
  • SQL Injection Attack
    , ,

    SQLi Series: SQL Timing Attacks for Penetration Testing

     By Andrew Trexler Andrew Trexler’s SQLi Series is back, demonstrating SQL Timing Attacks using MySQL’s sleep function in Blind SQL Injection attacks for penetration testing. May 7, 2024
  • SQL Injection
    , ,

    SQLi Series: An Introduction to SQL Injection for Penetration Testing

     By Andrew Trexler Raxis’ Andrew Trexler explains what SQL Injection (SQLi) is and how to perform a simple exploit against a web app login page in penetration tests. April 9, 2024
  • AD Series: Resource Based Constrained Delegation (RBCD) Exploits
    ,

    AD Series: Resource Based Constrained Delegation (RBCD) for Penetration Testing

     By Andrew Trexler Exploit msDS-AllowedToActOnBehalfOfOtherIdentitity to gain administrative access in a Resource Based Constrained Delegation (RBCD) attack on penetration tests. March 12, 2024
  • AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py
    ,

    AD Series: Active Directory Certificate Services (ADCS) Exploits Using NTLMRelayx.py for Penetration Tests

     By Andrew Trexler Andrew Trexler ran into issues with certipy when testing on port 443 and found that NTLMRelayx.py worked better in for those ADCS Exploits on penetration tests. January 23, 2024
  • Active Directory Certificate Services (ADCS) Misconfiguration Exploits
    ,

    AD Series: Active Directory Certificate Services (ADCS) Misconfiguration Exploits for Penetration Tests

     By Andrew Trexler Andrew Trexler adds to his AD series with a tutorial of Active Directory Certificate Services (ADCS) misconfiguration exploits for penetration tests. August 10, 2023