About

I’m mostly interested in web application security, but dabble in a bit of everything.

Background

Linux systems administration coupled with some Django/Python development work. Did everything from physical server racking/installs to hosting public websites, and all the load balancing/DNS/containerization/dev work in between. I did that for about a year and a half, got OSCP, and a few months later I moved into a penetration testing role.

Research

I spend some of my free time messing with applications that I find interesting. Most of what I’ve found has a writeup in the Posts section, and a complete list can be found in the Research section.

Certifications

Offensive Security Certified Professional (OSCP): Verify
Offensive Security Web Expert (OSWE): Verify

Talks/Podcasts/etc

| Talk | Org | Host |
| --- | --- | --- |
| From Veteran to Penetration Tester | Offensive Security Interviews | Jon Helmus |
| Hardware Hacking: The Easy Way In… | The Pwn School Project | Phillip Wylie |
| Interview With A Red Teamer - Cory Billington | cwinfosec | cwinfosec |
| From Pawning To Pwning \| A Conversation With Cory Billington | The Hacker Factory Podcast | Phillip Wylie |

Tools

SharpFind

SharpFind is a tool written to provide some of the useful features of the Unix tool find, such as searching for writable files, recently modified files, and wildcard matches. It can also identify .NET assemblies. Since it is written in .NET, you can use it over C2 in Cobalt Strike with execute-assembly or in Covenant using Assembly.

sshspray

sshspray is a multi-threaded Python tool that can be used to spray SSH keys or passwords across a large number of hosts. I wrote this application as hydra did not have the capability to provide an SSH key.