Author Image

~/Hi, I am JoMar

Joshua Martinelle

Research Engineer at Tenable™.

Hacker at heart, I started as a pentester and I continue to practice by doing bugbounty on various platforms. Sometimes, I work on some fun projects such as writing custom scripts, tools, etc.

Hard Working
Team Work
Fast Learner
Problem Solving
Communication

Skills

Experiences

1
Research Engineer
Tenable.

Feb 2021 - Present, Remote

Tenable, Inc. is a cybersecurity company based in Columbia, Maryland. It is known as the creator of the vulnerability scanning software Nessus.

Responsibilities:
  • Development of plugins for the Web Application Scanner solution
  • Vulnerability analysis
  • Creation of lab and proof of concept
Pentester
Synetis.

Sept 2018 - Jan 2021, Rennes

Consulting firm in digital transformation and information systems security.

Responsibilities:
  • Internal and external penetration tests
  • OSINT
  • Technical training
  • Vulnerability management
  • Project management
2
3
System and network administrator
Libricks

Sept 2017 - Sept 2018, Laval

Libricks analyses and contributes to the main Free (Open Source) IT projects.

Responsibilities:
  • Installation and administration of infrastructures based on open source solutions
  • Project management
System and network administrator
CFAVM

Sept 2015 - Sept 2017, Laval

Training center for young people in various trades such as food service

Responsibilities:
  • Management of a computer park with mainly Windows services (AD, Exchange, SQL Server, …)
  • Project management
4

Projects

PwnedPasswordsChecker
PwnedPasswordsChecker
Author Jan 2020 - Present

Search (offline) if your password (NTLM or SHA1 format) has been leaked (HIBP passwords list)

Hobby
Star
HIBP_PasswordList_Slimmer
HIBP_PasswordList_Slimmer
Author Arp 2020 - Present

Converted the text list to binary to save space

Hobby
Star
AutoRecon
AutoRecon
Author Feb 2019 - Nov 2020

Simple shell script for automated domain recognition with some tools (Archived)

Hobby
Star
AnotherVulnerableWebApp
AnotherVulnerableWebApp
Contributor Aug 2020 - Mar 2021

Simple vulnerable site, created by a beginner for beginners. This vulnerable site covers several vulnerabilities some from real bugbounty cases encountered in bugbounty.

Hobby
Star
Bounty-Dashboard
Bounty-Dashboard
Contributor Dec 2020 - Mar 2021

Facilitate the management of your reports as well as collaborative work by providing a web-based solution.

Hobby
Star

Last Posts

Card image cap
My methodology during Firstblood

My methodology during Firstblood Hello everyone From the 9th to the 16th of May the first live event of BugBountyHunter took place, namely Firstblood. Of course I participated. For this first event I was in collaboration with my bugbounty mate Serizao, but I greatly thank’s all hunters I exchanged with during the event. I strongly believe that collaboration is the key, and the proof is that this is a team that finished on the podium.

July 17, 2021 Read
Card image cap
My bounty infrastructure

My bounty infrastructure with Docker [31/12/2020] : Updated the post for Rengine to v0.5 and a clearer / cleaner configuration of Traefik as well as the removal of Portainer. After some problems with Rengine for certificate management and a new service that I want to use, I switched to a full docker infrastructure on my server, apart from the use of a few containers it’s my first experience with Docker but after some difficulties I find it rather practical and modular.

May 21, 2021 Read
Card image cap
Basic recon to RCE

Recently on a BugBounty program I came across my first RCE, discovered and exploited rather quickly on a solution with a vulnerability that I don’t master at all : Java Deserialization Recon Currently improving my recognition tool AutoRecon, originally intended to help me with subdomain enumeration, I also want to perform some recognition tasks that are quite annoying when you have to do it many times. The scope in question is like *.

May 2, 2021 Read

Achievements

YesWeHack

Intigriti

BugBountyHunter