Hi, I'm Andrew!

WhoAmI

┌──(andrew㉿kali)-[~]
└─$ cat about.txt

  Name     : Andrew Kapaldo
  Location : Morgantown, WV
  Role     : IT Cybersecurity Specialist | Security Researcher | CTF Player
  Certs    : CompTIA A+, Network+, Security+, PenTest+ | (ISC)² SSCP, CCSP

  Cybersecurity professional with 10+ years in IT and security. I enjoy
  tackling complex security challenges and documenting my learning through
  detailed writeups and CVE proof of concept research.

  When I'm not breaking into virtual machines or solving cryptography
  puzzles, I volunteer with my local search and rescue team — helping
  find lost and missing persons in wilderness and urban environments.

┌──(andrew㉿kali)-[~]
└─$ ./get_skills.sh --list

  [+] Core Competencies:
      ├── Web Application Security
      ├── Digital Forensics
      ├── Network Analysis
      └── OSINT & Reconnaissance

  [+] Languages & Tools:
      ├── Python (Scripting & Exploit Dev)
      ├── PowerShell (Windows Security)
      ├── Bash (Linux Administration)
      ├── Burp Suite, Wireshark, Ghidra
      └── Metasploit, SQLmap, Nmap

┌──(andrew㉿kali)-[~]
└─$ █

cat writeups | tail -n 8

ProjectHelix

8 minute read

🔍 Project Helix

heap3

2 minute read

⚒️ Heap 3

heap2

2 minute read

⚒️ Heap 2

heap1

1 minute read

⚒️ Heap 1

heap0

1 minute read

⚒️ Heap 0

StegoRSA

less than 1 minute read

🔐 StegoRSA

MiniRSA

1 minute read

🔐 Mini RSA

EvenRSACanBeBroken

1 minute read

🔐 Even RSA Can Be Broken???

View All Writeups →

cat cve | tail -n 4

CVE-2026-25769 — Wazuh RCE

A critical insecure deserialisation vulnerability in Wazuh’s cluster communication protocol allows a compromised worker node to execute arbitrary commands on...

CVE-2026-31431 — Copy Fail

A logic bug in the Linux kernel’s authencesn cryptographic template allows an unprivileged local user to perform a controlled 4-byte write into the page cach...

View All CVE Research →

ls -la ./Achievements/

(ISC)² CCSP

Certified Cloud Security Professional

CompTIA PenTest+

Penetration testing and vulnerability assessment

M.S. Business Cybersecurity Management

In progress — West Virginia University, expected August 2026

cat current.log

🔍 Currently Exploring:

Developing custom Python tools for CTF automation
Deep diving into Windows privilege escalation vectors
Building a home lab for malware analysis

📚 Learning Goals:

CISSP Certification (2026)
MS Business Cybersecurity Management (2026)
Advanced web application penetration testing
Reverse engineering and malware development

Feel free to reach out via GitHub or LinkedIn. I'm always happy to discuss security topics, CTF strategies, or collaborate on projects!

Hi, I’m Andrew!

Andrew Kapaldo

WhoAmI

cat writeups | tail -n 8

cat cve | tail -n 4

ls -la ./Achievements/

(ISC)² CCSP

CompTIA PenTest+

M.S. Business Cybersecurity Management

cat current.log