Certificates
PEN-200 (OSCP)
Offensive Security
Red Teaming Learning Path
TryHackMe
Jr Penetration Tester Learning Path
TryHackMe
Web Fundamentals Learning Path
TryHackMe
Pre Security Learning Path
TryHackMe
Introduction to Cyber Security Learning Path
TryHackMe
CVE Exploits
View alljoshuavanderpoll/CVE-2021-3129
Laravel RCE Exploit Script
joshuavanderpoll/CVE-2026-25643
CVE-2026-25643: Frigate ≤0.16.3 Blind RCE via go2rtc exec injection
Featured on Kali Linuxjoshuavanderpoll/CVE-2025-14847
MongoBleed
joshuavanderpoll/CVE-2026-2991
PoC exploit for CVE-2026-2991 — authentication bypass in KiviCare WordPress plugin (≤4.1.2) allowing unauthenticated patient account takeover and admin session extraction.
joshuavanderpoll/CVE-2026-3891
Pix for WooCommerce <= 1.5.0 - Unauthenticated Arbitrary File Upload (CVE-2026-3891) PoC
joshuavanderpoll/cve-2024-56348
CVE-2024-56348 — JetBrains TeamCity <2024.12 auth bypass + RCE exploit (unauthenticated SYSTEM_ADMIN + shell)
joshuavanderpoll/cve-2025-32433
Go PoC for CVE-2025-32433 — unauthenticated RCE in Erlang/OTP SSH.
joshuavanderpoll/CVE-2025-69985
CVE-2025-69985: FUXA ≤1.2.8 Auth Bypass + RCE via /api/runscript
GitHub stats are fetched server-side and cached for a few hours.
Proud Projects
View alljoshuavanderpoll/DitherMe
Creates Watch Dogs 2 DedSec-style dithered images and GIFs
joshuavanderpoll/PGPBox-js
A user-friendly PGP Web GUI for generating, encrypting, signing, verifying, and decrypting PGP messages. Secure your communications effortlessly with this web-based GitHub hosted application.
joshuavanderpoll/CMS-Detector
A lightweight fast Go script to detect which CMS or framework a given website is running, based on HTTP response fingerprints.
GitHub stats are fetched server-side and cached for a few hours.
© Joshua van der Poll