About the Author: Mike Czumak

I served seven years as a Communications Officer in the U.S. Air Force, where I worked in various network operations and information security positions and earned a Master of Science from the Air Force Institute of Technology. I’ve spent the last four years working as an Information Security professional at a non-profit healthcare organization.

I currently reside in New York City with my wife and daughter and spend my free time enjoying the city, attempting to learn the Italian language, and dabbling in amateur photography (

I very much enjoy information security and have spent my career straddling the managerial and technical aspects of this vast field. My primary role is developing and leading an application security and penetration testing program, so most of my time is spent performing hands-on testing of a variety of systems and applications (web, desktop and mobile applications, medical devices, etc). I’m constantly researching various security topics and use this blog as a means to share some of that research and give back to a security community that has taught me so much.

I enjoy helping organizations both big and small fix security flaws in their products and have been publicly recognized by multiple companies including:

You can view my published exploits and vulnerability notices here:

Feel free to contact me on Twitter or LinkedIn (please no sales/product solicitations)

38 Comments add one

  1. Nimo says:

    Hello Mike,

    Excellent review! Can we talk offline? I need some guidelines from you to pass this test as I failed in my first attempt. Thanks in advance!

  2. David says:

    Hello, I would like to know if you could contact me for some questions about OSCP review.

    Thank you in advance.

    Kindest regards.


  3. Sailmn says:

    Hello Mike ! I really Liked your OSCP review I need your Keepnotes File which Has OSCP notes I really Like and Need that One I just hope you will send me on my email i am waiting for you bro Greets from India 🙂

    • Mike Czumak says:

      Thanks for the positive feedback Sailmn, I’m glad you found the review helpful. While I’m willing to share as much detail as I can, unfortunately the only Keepnote files I’ve kept are those that show how I rooted the various boxes and those I won’t distribute. Sorry.

  4. Greg says:

    Mike: I also value your OSCP review and thank you for sharing some scripts. I’m reading through them and see items I have questions about. Would you be willing to discuss the general reasons you chose certain things in the code?

  5. KoF says:

    hi , mike i just want know if we can talk on email , i want discussion something with you ,

  6. Zaman says:

    Hi Mike
    I have read your excellent review about the OSCP. I’m currently enrolled in the course and I need your guidelines. So if we could talk over email?

  7. Colm says:

    Hi Mike,

    if you have some time could you email me to discuss the OSCP.

    Much Appreciatd,


  8. Sachin Wagh says:

    Hi Mike,

    I Like your post and way of explanation.

    Is there any material or resource to learn about fuzzing (File Format) and exploitation ?

  9. Abdul-Mohsen says:

    Hi Mike,

    I really need your help in indicating a learning path to exploitation.

    Therefore, can we communicate offline ?

    Thank you.

  10. Gus says:

    Hey Mike sup,
    Thank you for this important web resource. I really enjoy reading your postings. Is it possible to shoot me an email, I got some important questions I need to ask you about the OSCP and OSCE certs.
    Thank you in advance.

  11. Nick says:

    Hi Mike

    A great CTP writeup, thanks. Would it be possible please to have a copy of alpha_shell?



    • Mike Czumak says:

      Thanks Nick. For the time being I’m not going to post the code as the task is an important part of the course and working through the steps of creating something similar is a great learning tool.

  12. Akis says:

    Hello Mike, i’ve been browsing through your PWK – OSCP review. very helpful indeed. For us that do not afford the extra cash on the course and lab , is it possible to have your notes? I managed to find numerous videos regarding the subject but still, extra notes is always welcomed.


    • Mike Czumak says:

      Sorry, but as I stated in the comments of my review, I’ve purged my raw notes. All I kept was my report (which I definitely cannot share).

  13. Quang Ngo says:

    Hi Mike,
    I was read your OCSP review. Now, i’m looking for this certificate for my job requirement.
    Could you let me know some advices ? Could we talk offline via Email ?

    Looking forward for your reply.

    Many thanks

  14. Andy says:

    I am a novice in penetration testing and attacking lab machines for a certification, but came across your script for linux privilege escalation checking. That script is superb. Your article on the OSCP is very nice, also. I am a programmer with some Unix background but little OS; however, I picked up linux quickly while writing a web app and studying.

    Still, penetration testing is a different universe. It is so exciting to get into all of these disparate technologies.
    Thanks again, Andy

    • Mike Czumak says:

      Thanks very much Andy. It’s always great to hear people genuinely excited to dive into the vast world of Information Security. Keep up those studies!

      All the best,

  15. Trev The IT Guy says:

    Hey Mike, just dropping a line to let you know how much I’ve enjoyed reading your articles over the past several months. Keep up the great work!

    • Mike Czumak says:

      Many thanks Trev! I’m hoping to get some time in the near future to put together some additional in-depth posts. -Mike

  16. Marty says:

    Hi Mike

    A great CTP write-up, thanks. Alter I fail OSCE exam 3 month ago. I need to retake OSCE for my job requirement. Is it possible to shoot me an email, I got some important questions I need to ask you about the OSCE certs?

    Looking forward for your reply.



  17. RD says:

    Hi Mike, any chance we could talk via email OSCE related.

  18. rbp says:

    Hello Mike:
    Thank you for writing great security blog.
    Your articles on “Windows Exploit Development” series are fantastic. Very helpful in my current PWK training and preparation of OSCP certification.
    I am using and with great success. Thank you!
    I have few question to ask offline. Is it possible?
    Thanks again.

  19. Z says:

    Really appreciate your write-ups and reviews.
    Kudos Mike!

  20. Abhijeet Jain (AJ) says:

    Hello Mike,

    Happy Holidays!

    I’ve greatly benefitted from your blog post on OSCP esp tools like linuxprivchecker and the exploit table. Inspired from you, I’ve created another comprehensive set of exploit/PE table that I intend to share with others after I clear my OSCP on Jan 2nd.

    I’m trying to get my foot in the IT Security world since I’m currently a consultant for Middleware applications. I’d like to get your opinion on how a person like me (zero corporate experience in security but with a passion for security) can switch to such a job. Your suggestions, I know, will be valuable for me to pave my career path.

Leave a Comment

Your email address will not be published. Required fields are marked *