Author Image

~/Hi, I am JoMar

Joshua Martinelle

Research Engineer at Tenable™.

Hacker at heart, I started as a pentester and I continue to practice by doing bugbounty on various platforms. Sometimes, I work on some fun projects such as writing custom scripts, tools, etc.

Hard Working
Team Work
Fast Learner
Problem Solving
Communication

Skills

Experiences

1
Senior Software Engineer
Tenable.

Feb 2021 - Present, Remote

Tenable, Inc. is a cybersecurity company based in Columbia, Maryland. It is known as the creator of the vulnerability scanning software Nessus.

Responsibilities:
  • Development of plugins for the Web Application Scanner solution
  • Vulnerability analysis
  • Creation of lab and proof of concept
Pentester
Synetis.

Sept 2018 - Jan 2021, Rennes

Consulting firm in digital transformation and information systems security.

Responsibilities:
  • Internal and external penetration tests
  • OSINT
  • Technical training
  • Vulnerability management
  • Project management
2
3
System and network administrator
Libricks

Sept 2017 - Sept 2018, Laval

Libricks analyses and contributes to the main Free (Open Source) IT projects.

Responsibilities:
  • Installation and administration of infrastructures based on open source solutions
  • Project management
System and network administrator
CFAVM

Sept 2015 - Sept 2017, Laval

Training center for young people in various trades such as food service

Responsibilities:
  • Management of a computer park with mainly Windows services (AD, Exchange, SQL Server, …)
  • Project management
4

Projects

PwnedPasswordsChecker
PwnedPasswordsChecker
Author Jan 2020 - Present

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list)

Hobby
Star
HIBP_PasswordList_Slimmer
HIBP_PasswordList_Slimmer
Author Arp 2020 - Present

Converted the text list to binary to save space

Hobby
Star
AutoRecon
AutoRecon
Author Feb 2019 - Nov 2020

Simple shell script for automated domain recognition with some tools (Archived)

Hobby
Star
AnotherVulnerableWebApp
AnotherVulnerableWebApp
Contributor Aug 2020 - Mar 2021

Simple vulnerable site, created by a beginner for beginners. This vulnerable site covers several vulnerabilities some from real bugbounty cases encountered in bugbounty.

Hobby
Star
Bounty-Dashboard
Bounty-Dashboard
Contributor Dec 2020 - Mar 2021

Facilitate the management of your reports as well as collaborative work by providing a web-based solution.

Hobby
Star

Last Posts

Card image cap
Basic recon to RCE

Recently on a BugBounty program I came across my first RCE, discovered and exploited rather quickly on a solution with a vulnerability that I don’t master at all : Java Deserialization Recon Currently improving my recognition tool AutoRecon, originally intended to help me with subdomain enumeration, I also want to perform some recognition tasks that are quite annoying when you have to do it many times. The scope in question is like *.

May 2, 2021 Read
Card image cap
SSRF Through PDF Generation

This week on a BugBounty program which I left aside I found my first SSRF, here is my writeup. Recon The scope is restricted to the website and its API, rather basic it allows to register as a simple user and has only a few features. The program has been open for several months already, I approached the site thinking I probably won’t find much. However from the first hours I already had several P2 (IDOR).

May 1, 2021 Read
Card image cap
My first OOB XXE exploitation

Recently on a BugBounty program I came across my first XXE, blind what’s more, as I found this case interesting I wanted to share it here. Recon The recognition phase is quite basic, the scope is composed of a single URL with 2 distinct backends (administrators and users). For each of these backends the users' view is limited according to the rights they have. https://domain.tld/admin => URL for admin backend https://domain.

April 30, 2021 Read

Achievements

YesWeHack

Intigriti

BugBountyHunter