Joshua Wright

Rogue hacker-turned-infosec-professional, Joshua Wright initially got into the infosec field after getting caught hacking, uncovering a vulnerability disclosure in the process. With the threat of a lawsuit looming, Joshua decided to pursue good over evil, launching his infosec career in 1997 with Johnson & Wales University. Since then, he’s worked at five companies and today serves as director and senior security analyst for Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition. He is the author and an instructor for SANS’s most popular course, SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling.

More About Joshua


Through his experiences as a penetration tester, Joshua has worked with hundreds of organizations on attacking and defending mobile devices and wireless systems, ethically disclosing significant product and protocol security weaknesses to well-known organizations.

A hacker at heart, Joshua admits that his current role is his most interesting job so far because he gets the chance to hack into credit card processing systems, gambling casinos, and smart shower systems to learn the mistakes developers and system designers make and figure out how to exploit them. He also loves the thrill of developing the annual Holiday Hack Challenge, which gives him the chance to add new and exciting challenges that reflect modern technology while appealing to a wide audience of players of different ages and experience levels.

In 2003, Joshua also began teaching for SANS as a way to combine his interests in hacking and teaching. Today, as lead author for SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling, Joshua turns his experience hacking into customer networks into real-world case studies that students can relate to. “I really enjoy seeing my students make mistakes, realize the mistake, and immediately benefit from the realization,” he says.

One of Joshua’s favorite student interactions was working with a blind student who never let his physical challenges hold him back from achieving great things. He’s found that his most successful students in the classroom are “those who push themselves to struggle and stumble, then recover and accomplish new goals with my support.”

In addition to being a SANS Faculty Fellow, Joshua serves as the Technical Director of Counter Hack. At Counter Hack he performs penetration testing and red teaming for large and small organizations, and leads the development of technical challenges for the Holiday Hack Challenge.

Co-author of Hacking Exposed Wireless, 3rd Edition, Joshua is also an open-source software advocate who’s conducted cutting-edge research resulting in several software tools that are commonly used to evaluate the security of widely deployed technology targeting WiFi, Bluetooth, and ZigBee wireless systems, smart grid deployments, and the Android and Apple iOS mobile device platforms.

Joshua runs websites for several non-profit organizations where he lives in Rhode Island, volunteers as a photographer for non-profit organizations, and contributes his time and talent taking high school senior portraits and headshots for low-income families. Joshua is also a faculty member of the SANS Technology Institute, an NSA Center of Academic Excellence in Cyber Defense and multiple winner of the National Cyber League competition. When he’s not working, you’ll find Joshua spending time with his family and dogs, doing photography, playing guitar, writing, exploring alternative printing from the 1800s using noble metals (platinum, silver nitrate, gold, and palladium), and of course hacking.



What's New in SEC504: Hacker Tools, Techniques, Exploits and Incident Handling, July 2020

Develop Technical Recall Skills: Spaced Repetition with Anki, May 2020

More Super Practical Bleu Tips Tools, and Lessons Learned from Team-Based Training: Coordinating Hand-Offs, Your Buddy RITA, and Microsoft Message Analyzer FOR THE WIN!, August 2019

Tips, Tricks, and Cheats Gathered from Red vs. Blue Team-Based Training, July 2019

Which SANS Pen Test Course Should I Take? - February 2018 Edition, February 2018


  • KillerBee - KillerBee is a framework, programming API, and suite of tools for testing the security of ZigBee wireless networks.
  • KillerZee - KillerZee is a framework, programming API, and suite of tools for testing the security of Z-Wave wireless networks.
  • BitFit - BitFit is a tool for guaranteeing an integrity check for distributed data files.
  • PPTXIndex - PPTXIndex generates a Microsoft Word indexed document from PowerPoint PPTX files.
  • PlistSubtractor - PlistSubtractor simplifies the process of assessing nested plist data.
  • PPTXSanity - PPTXSanity evaluates all of the links in a PowerPoint file to check for dead links.
  • DynaPstalker - DynaPstalker assists when fuzzing a Windows process by color-coding reached blocks for use in IDA Pro.
  • PPTXUrls - PPTXUrls generates an HTML report of all links in one or more PowerPoint files.
  • NM2LP - NM2LP converts NetMon wireless packet capture data to libpcap format.
  • MFSmartHack - MFSmartHack is a suite of tools for hacking MIFARE DESFire and ULC high frequency RFID cards.
  • BTFind - BTFind is a graphical and audio interface for tracking the location of Bluetooth and Bluetooth Low Energy devices.
  • CoWPAtty - CoWPAtty is a WPA2-PSK password cracking tool.
  • PCAPHistogram - PCAPHistogram assesses the payload of libpcap packet capture data, generating a histogram to characterize data entropy.
  • EAPMD5Pass - EAPMD5Pass is a password cracking tool for EAP-MD5 packet captures.
  • Asleap - Asleap is a Cisco LEAP and generic MS-CHAPv2 password cracking tool.
  • TIBTLE2Pcap - TIBTLE2Pcap converts Bluetooth and Bluetooth Low Energy packet captures using the proprietary TI SmartRF format into libpcap-compatible files.
  • Bluecrypt - Bluecrypt is a simple implementation of the Bluetooth authentication cryptographic functions including E0, E21 and E22. Includes some wrapper functions to make Bluetooth authentication functions a little simpler.
  • evtxResourceIDGaps - evtxResourceIDGaps is a script to evaluate Windows EVTX logging data to identify evidence of tampered logging data.