Blog - Joshua Martinelle

#WORDPRESS

Jan 7, 2026 • 3 min read

Investigating a Compromised WordPress Site

Diagnosing a WordPress site compromise that was redirecting visitors to adult content and pharmaceutical spam through injected malicious scripts.

Read Article

Hookd: A Lightweight Out-of-Band Interaction Server

#GOLANG

Oct 17, 2025 • 6 min read

Hookd: A Lightweight Out-of-Band Interaction Server

Hookd - A simple webhook server for testing and debugging.

Read Article

#MONITORING

Oct 1, 2025 • 5 min read

Simple Monitoring Solution

Setting up simple monitoring for your services.

Read Article

#WEB3

Jun 25, 2025 • 7 min read

Smart Contract Testing in Remix

Testing smart contracts using Remix IDE.

Read Article

#WEB3

May 18, 2025 • 9 min read

Ethernaut - Dex Two

Solving the Ethernaut DEX Two challenge.

Read Article

#WEB3

May 14, 2025 • 10 min read

Damn Vulnerable Defi : The Rewarder

Solving The Rewarder challenge from Damn Vulnerable DeFi.

Read Article

#WEB3

Apr 14, 2025 • 6 min read

Damn Vulnerable Defi : Side Entrance

Solving the Side Entrance challenge from Damn Vulnerable DeFi.

Read Article

#WEB3

Apr 13, 2025 • 7 min read

Damn Vulnerable Defi : Truster

Solving the Truster challenge from Damn Vulnerable DeFi.

Read Article

#WEB3

Apr 12, 2025 • 11 min read

Damn Vulnerable Defi : Naive Receiver

Solving the Naive Receiver challenge from Damn Vulnerable DeFi.

Read Article

#SECURITY

Apr 9, 2025 • 5 min read

Collaborative Code Auditing

Setting up a collaborative code auditing environment using code-server.

Read Article

#WEB3

Apr 8, 2025 • 8 min read

Damn Vulnerable Defi : Unstoppable

Solving the Unstoppable challenge from Damn Vulnerable DeFi.

Read Article

#BUGBOUNTY

Apr 7, 2025 • 5 min read

Extract and monitor bugbounty scopes

Extracting and monitoring bug bounty scopes automatically.

Read Article

#BLOGGING

Mar 29, 2025 • 4 min read

Blogging in 2025: My Thoughts

My journey through various blogging platforms over seven years and why I finally settled on Hugo with GitHub Pages.

Read Article

#BUGBOUNTY

May 27, 2023 • 8 min read

Bruteforce vs Permutations

Comparing subdomain bruteforce and permutation techniques using Regulator, DNSGen, and AlterX to find the most effective reconnaissance strategy.

Read Article

#BUGBOUNTY

Oct 18, 2022 • 7 min read

Basic recon to RCE III

Exploiting command injection through Ruby string interpolation in a Rails application to achieve RCE via DNS exfiltration.

Read Article

#BUGBOUNTY

Apr 26, 2022 • 7 min read

DNS Tools Comparison

Comparing Amass, DNSX, and PureDNS for DNS resolution accuracy and performance in bug bounty reconnaissance.

Read Article

#BUGBOUNTY

Mar 22, 2022 • 4 min read

Basic recon to RCE II

How trusting my instincts led to discovering a critical RCE that everyone else missed on a popular bug bounty program.

Read Article

#BUGBOUNTY

May 21, 2021 • 6 min read

My bounty infrastructure

A complete Docker-based infrastructure for bug bounty hunting featuring Traefik, XSS-Catcher, Rengine, and more.

Read Article

#BUGBOUNTY

May 2, 2021 • 3 min read

Basic recon to RCE

How I discovered my first RCE through basic reconnaissance and exploiting a known Java deserialization vulnerability in Adobe ColdFusion.

Read Article

#BUGBOUNTY

May 1, 2021 • 5 min read

SSRF Through PDF Generation

Exploiting a Server-Side Request Forgery vulnerability through WKHTMLTOPDF to access AWS metadata and local files.

Read Article

#BUGBOUNTY

Apr 30, 2021 • 6 min read

My first OOB XXE exploitation

Exploiting a blind Out-of-Band XXE vulnerability to exfiltrate sensitive data despite misleading error messages.

Read Article

#GOLANG

Apr 29, 2021 • 6 min read

Binary search in Golang on large files

Implementing binary search in Go to efficiently search through a 550 million line file in seconds instead of hours.

Read Article