I have worked in information technology and security since 2005. I’m experienced in network, wireless, mobile, and web application penetration testing, vulnerability management, networking, firewalls, AAA, Active Directory, application and server virtualization… I’ve worked with most of the enterprise IT stack over my career. My certifications: CRTO, GXPN, OSCP, OSWP, Security+, CCNA (Expired), CCA
I’m a retired Navy Aviation Electrician, and have worked on P-3 Orion aircraft as well as various versions of H-60 helicopters. I started out as an Undesignated Airman, and once I decided on becoming an Aviation Electrician, I worked in the AE shop during my spare time and learned electronics by reading the Navy Electricity and Electronics Training Series (NEETS) guides. One of my best attributes is the ability to pick up a book, (or these days use my google-fu) and figure out how to get things done.
In my spare time I enjoy learning and doing infosec labs, riding my Harley and being outdoors with my beautiful wife.
My favorite quote is from H.D. Moore: “If you don’t think you’re a n00b, you’re not trying hard enough.” What this means to me is that every day I try to learn and be better than the day before and step outside my comfort zone.
The one thing that had the greatest affect on my success is “interest vs. committment”. If you’re interested in doing something, you’ll most likely fail unless your goals are really easy and insignificant. To acheive your goals and change your life you must be committed. When you’re committed, you don’t make nor accept excuses. If you goal is to lose 20 pounds and you say that you’re going to wake up early and exercise, you don’t hit the snooze button when your alarm goes off, or try to justify to yourself why it’s ok to eat just this one junkfood snack. If your goal is to earn an infsec certification or learn a skill but you’re too tired to study or lab at night because of long working hours or family committments, set your alarm to wake up early. Then don’t make excuses and hit the snooze button. The alarm goes off, you drag your ass out of bed and do some stretching and light calisthenics while the coffee brews and then put in some uninterrupted study time before you have to move on to family and/or work commitments.
Contact info:
Email: sdcampbell68 at live dot com
CVE’s/Vulnerabilities Discovered:
CVE-2022-23436 Multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist in Nakivo Backup and Replication before 10.5.0.60727.
CVE-2019-5648/R7-2019-39 (8.7 High) LDAP bind credential exposure in Barracuda Email Security Gateway, Web Application Firewall. https://blog.rapid7.com/2020/03/05/r7-2019-39-cve-2019-5648-ldap-credential-exposure-in-barracuda-load-balancer-adc-fixed/
CVE-2018-5550 (6.1 Medium) Epson AirPrint XSS
CVE-2016-10108 (9.8 Critical) Western Digital MyCloud Remote Command Injection
CVE-2016-10107 (9.8 Critical) Western Digital MyCloud Remote Command Injection.
Insecure Direct Object Reference (IDOR) - www.navycollege.navy.mil, 2005. Steven identified an IDOR vulnerability which exposed the PII of Navy and Marine Corps personnel to the Internet.