Matthew Eidelberg is a Red Teamer with nine years of offensive security experience, currently consulting at Black Hills Information Security after senior roles at Optiv where he led breach and threat management efforts. He combines deep hands-on exploit and payload development with engineering rigor—contributing to open-source tooling such as ScareCrow, Ivy, and SourcePoint that focus on EDR/AMSI bypass, VBA in-memory execution, and C2 profile generation. His background spans wireless pentesting tooling and novel delivery techniques (including a ZIP-exec loader), reflecting a blend of low-level attack techniques and backend engineering. Known for practical evasions like ETW/AMSI bypasses, code-signing work, and loader innovation, he bridges red team operations and developer-centric tooling. Based in Old Toronto, he holds a Bachelor of Technology in Informatics and Security from Seneca@York and has a track record of shipping reproducible offensive frameworks that practitioners use to emulate real-world adversaries.
9 years of coding experience
7 years of employment as a software developer
York Mills
Bachelor of Technology, Infomatics and Security, Bachelor of Technology, Infomatics and Security at Seneca@York
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
Role in this project:
Backend Engineer
Contributions:12 releases, 24 commits, 8 PRs in 11 months
Contributions summary:Matthew's primary contribution involves generating Cobalt Strike command and control profiles, a core functionality of the `tylous/sourcepoint` repository. The code changes focus on building various profile components, including communication, HTTP, and SSL configurations. Furthermore, the commits highlight modifications to custom URI generation and profile selection features. These contributions indicate a focus on enhancing the functionality and flexibility of the profile generation process.
ScareCrow - Payload creation framework designed around EDR bypass.
Role in this project:
Security Engineer
Contributions:20 releases, 56 commits, 3 PRs in 1 year 4 months
Contributions summary:Matthew primarily contributes to the payload creation framework "ScareCrow," focusing on bypassing EDR systems. Their commits demonstrate a deep understanding of DLL loading, code signing, and process injection techniques. They have added features like sandbox evasion, ETW (Event Tracing for Windows) and AMSI (Antimalware Scan Interface) bypasses, as well as new payload delivery methods. Furthermore, the user worked on improving the code signing functionality and added options for different loader types.
pythonpayloadedrbypasscreation
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Matthew Eidelberg - Red Teamer at Black Hills Information Security