Matthew Eidelberg

Red Teamer at Black Hills Information Security

Old Toronto, Ontario, Canada
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Matthew Eidelberg is a Red Teamer with nine years of offensive security experience, currently consulting at Black Hills Information Security after senior roles at Optiv where he led breach and threat management efforts. He combines deep hands-on exploit and payload development with engineering rigor—contributing to open-source tooling such as ScareCrow, Ivy, and SourcePoint that focus on EDR/AMSI bypass, VBA in-memory execution, and C2 profile generation. His background spans wireless pentesting tooling and novel delivery techniques (including a ZIP-exec loader), reflecting a blend of low-level attack techniques and backend engineering. Known for practical evasions like ETW/AMSI bypasses, code-signing work, and loader innovation, he bridges red team operations and developer-centric tooling. Based in Old Toronto, he holds a Bachelor of Technology in Informatics and Security from Seneca@York and has a track record of shipping reproducible offensive frameworks that practitioners use to emulate real-world adversaries.
code9 years of coding experience
job7 years of employment as a software developer
bookYork Mills
bookBachelor of Technology, Infomatics and Security, Bachelor of Technology, Infomatics and Security at Seneca@York
github-logo-circle

Github Skills (41)

process-injection10
shellcode10
code-signing10
injection10
zip-archive10
inject10
scapy10
python10
wp-api10
it-security10
audit10
vba10
winapi10
zip10
base64-encoding10

Programming languages (7)

PowerShellRustCVBAGoPythonKotlin

Github contributions (5)

github-logo-circle
Tylous/SourcePoint

Aug 2021 - Jul 2022

SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Role in this project:
userBackend Engineer
Contributions:12 releases, 24 commits, 8 PRs in 11 months
Contributions summary:Matthew's primary contribution involves generating Cobalt Strike command and control profiles, a core functionality of the `tylous/sourcepoint` repository. The code changes focus on building various profile components, including communication, HTTP, and SSL configurations. Furthermore, the commits highlight modifications to custom URI generation and profile selection features. These contributions indicate a focus on enhancing the functionality and flexibility of the profile generation process.
sourcepointstrikecobalt-strikeprofile-generatorcommand-and-control
optiv/ScareCrow

Jan 2021 - Jun 2022

ScareCrow - Payload creation framework designed around EDR bypass.
Role in this project:
userSecurity Engineer
Contributions:20 releases, 56 commits, 3 PRs in 1 year 4 months
Contributions summary:Matthew primarily contributes to the payload creation framework "ScareCrow," focusing on bypassing EDR systems. Their commits demonstrate a deep understanding of DLL loading, code signing, and process injection techniques. They have added features like sandbox evasion, ETW (Event Tracing for Windows) and AMSI (Antimalware Scan Interface) bypasses, as well as new payload delivery methods. Furthermore, the user worked on improving the code signing functionality and added options for different loader types.
pythonpayloadedrbypasscreation
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Matthew Eidelberg - Red Teamer at Black Hills Information Security