Andrew Trexler

Andrew graduated from the University of Pittsburgh with a degree in Information Science where he focused on networking and security. He continued his education by obtaining the Offensive Security Certified Professional (OSCP) and the eLearnSecurity Junior Penetration Tester (eJPT) certifications. When not participating in capture the flag events, Andrew works as a pyrotechnic operator setting up and shooting firework shows in the Pittsburgh area.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

The Exploit articles written by Andrew Trexler

  • Five Things to Always Do After Getting Domain Admin
    , , ,

    Five Things to Always Do After Getting Domain Admin

     By Andrew Trexler So you got DA on your red team or internal network penetration test. Here are the five things that Principal Penetration Tester Andrew Trexler does next. March 24, 2026
  • AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest
    , , ,

    AI-Augmented Series: AI Scripting for Brute-Forcing on a Web App Pentest

     By Andrew Trexler On a recent web app pentest, Andrew Trexler used AI to find client-side code that stopped his brute-force attack then used AI again to thwart that code. March 4, 2026
  • Publicly Accessible Database Discovered Hosting 149 Million Credentials
    , ,

    Publicly Accessible Database Discovered Hosting 149 Million Credentials

     By Andrew Trexler Andrew Trexler looks at a recently discovered public database of stolen usernames and passwords and what you can do now to protect your access and information. February 2, 2026
  • CrowdStrike Fires Insider Who Shared Screens and Auth Cookies Externally
    ,

    CrowdStrike Fires Insider Who Shared Screens Externally

     By Andrew Trexler Though hacker groups claimed to have access to internal systems, CrowdStrike announced they fired an insider who shared external screens with the attackers. December 1, 2025
  • Cool Tools Series: Kerbrute
    , , ,

    Cool Tools Series: Kerbrute

     By Andrew Trexler Raxis Principal Penetration Tester Andrew Trexler walks through the many uses of Kerbrute from user enumeration to brute-forcing and password spraying. October 7, 2025
  • Dev's Fast Reporting of Phish Reduced Impact on Blockchain Malware Attacks
    ,

    Dev’s Fast Reporting of Phish Reduced Impact on Blockchain Malware Attacks

     By Andrew Trexler A recent successful phish allowed attackers to run malware targeting cryptocurrency transactions on various blockchains, but fast reporting limited the damage. September 11, 2025