About

whoami

I’m Josh Allman. I work in tactical response at Huntress, doing incident response and helping make sense of messy, real-world intrusion activity.

This site is my research blog and working archive. I use it to document investigations, write up threat research, share practical notes from response work, and keep a public record of the projects and ideas I keep returning to.

My path into security was not especially linear. I started as an apprentice in a computer repair shop, moved into infrastructure work, and eventually found my way into cybersecurity through equal parts curiosity, persistence, and a lot of help from people who were generous with their time. That foundation still shapes how I work now: stay practical, explain things clearly, and focus on what is useful when things are moving fast.

Outside of my day-to-day role, I also do independent security research and co-founded CtrlAltInt3l. You may see some external work linked from here, but this site stays focused on the writing, investigations, and notes I publish under my own name. Most of the work here sits somewhere around incident response, malware analysis, threat hunting, vulnerability research, and the tooling or build notes that support that work.

Training and Certifications

Training matters to me, but I see it as supporting material rather than the headline. Still, for completeness:

Selected Work Elsewhere

This is a selection of public work across blog posts, research threads, and conference talks: