About Me
Hacker, Pentesting Consultant, Red Team Infrastructure Automation Architect, and Security Researcher.
Work Experience
Senior Penetration Tester and Security Researcher (IC4)
2019 - 2025 · Creative Breakthroughs Inc. (CBI) -> Converge Technological Solutions -> Pellera Technologies
- Performed internal, external, social engineering, wireless, physical, web application, and device penetration tests, as well as Red and Purple team exercises for organizations ranging in size from 50-500,000 employees in verticals including Automotive, Finance & FinTech, Healthcare, Insurance, Manufacturing, Teleconferencing, Web Hosting, Cellular Services, Education, and Local Government.
- Worked on a multi-month red-team engagement with targets spanning three continents.
- Implemented and maintained red team infrastructure automation framework to meet the team’s needs.
- Provided Cobalt Strike & Automation documentation and training internally to Red Team.
- Occasionally acted as back-up to be called in when other senior testers needed assistance gaining initial access, elevating privileges, or bypassing a customer’s security measures.
- Provided mentoring and project guidance to junior and senior consultants, helped guide R&D efforts, maintained R&D Kanban board, tracking progress towards team goals.
- Created content for CBI/Converge blog and other marketing materials.
- Created many tools and scripts to help automate various pentest activities.
Senior Penetration Tester
2014 - 2019 · NetWorks Group Inc.
- Performed internal, external, wireless, social engineering, physical, web application, and full-scope penetration testing assessments for organizations ranging in size from 20-2500 employees, in verticals including Pharmaceuticals, Healthcare, Background Checking, Endpoint Protection, Insurance, Finance, Education, Collections, Energy, Law, Research, Banking, Data Hosting, Hospitality, and Managed Services.
- Performed OSINT gathering activities as well as phishing exercises as a part of social engineering activities during engagements where it was in-scope.
- Performed PCI and HIPAA focused penetration tests for organizations with regulatory compliance requirements.
- Performed Vulnerability Assessments, and assisted with initial roll-out of NWG’s vulnerability management service.
- Worked on Red Team engagements with other penetration testers against organizations with mature security teams including active defenders.
- Went through a responsible disclosure process with a vendor for a new/old vulnerability discovered during a penetration test.
- Created documentation for penetration testing capabilities for use by other testers.
- Wrote Ansible playbooks to automate complex multi-system pentest infrastructure deployment.
- Grew and trained a team from one to four testers, providing organizational continuity through the unexpected departure of senior leadership.
Lead Technical Support Engineer
2012 - 2014 · Duo Security
- Worked as the sole customer-facing technical support representative for over a year as well as providing 24/7/365 On-Call Operational Support for customers such as Facebook, Twitter, Quicken Loans, Lincoln Financial, etc.
- Deployed and managed enterprise phone network.
- Grew and trained support team up to four team members.
- Gained experience across a wide variety of systems and protocols from exotic PAM and SSHd configurations to RDWeb/RDGateway network structure as well as RADIUS and LDAP authentication systems across a number of VPNs, cloud and web-based products.
- Gained experience automating tasks using Python via REST APIs when working with Zendesk and Duo Auth/Admin APIs.
- Performed a series of web application vulnerability scans, as a side project, using several popular scanners against test infrastructure to increase the security of Duo’s service.
- Using Maltego and other OSINT tools, attempted to get an external attacker’s-eye view of the infrastructure of the company during the information gathering phase of a pentesting side-project. Ended up creating a tool which generates and validates email addresses based on information gathered from LinkedIn.
Technical Support Engineer (Tier 1C)
2009 - 2012 · Barracuda Networks
- Provided clients across the world with assistance in network appliance configuration and troubleshooting across seven distinct products. (Barracuda Spam and Virus Firewall, Message Archiver, Backup Server, SSL/VPN, Email Security Service, Web Filter, and Cudatel systems.)
- Maintained positive client relationships and professional demeanor through complex situations.
- Often worked as a buffer between clients and developers to meet complex client requirements.
- Performed troubleshooting on various network, hardware, and software issues on highly customized Linux systems in unfamiliar networks every day.
- Wrote up bug reports, placed feature requests, and wrote knowledge-base documentation.
- Ran fuzz testing against Barracuda’s Cudatel system as a side project, leading to the discovery of a bug in a very old piece of Nokia code, according to the project’s lead developer. You can find a copy of the discovered PoC in my GitHub repository named ‘exploits’.
Education & Certifications
Associate's Degree in Applied Science in Computer Systems Security
2006 - 2011 · Washtenaw Community College
Offensive Security Certified Professional (OSCP)
2016 · Offensive Security
FCC Technician-class Radio License
6/21/2016 - 06/21/2026 · Federal Communications Commission
Publications, Presentations, & CVEs
Blog Posts
2023; A Pohl; ChatGPT’s Hidden Security Risks Gamble With Business Data; Converge Technology Solutions Blog
2022; D Evans, A Pohl; Stealing the Bank Vault Codes via Insecure Microsoft Default Settings; CBI Blog
2021; A Pohl; Web Application Testing: Infiltration Through Obfuscation; Medium - The CBI Effect
2017; A Pohl; Active Directory Password Filters: The Missing Windows Feature; NetWorks Group Blog
2016; A Pohl; Your Passwords Are Bad (and there’s probably no fool-proof solution.); NetWorks Group Blog
2015; A Pohl; Nails in the Coffin: What put SSL in the grave?; NetWorks Group Blog
CVEs
2011; Unattributed; FreeSwitch Libsofia-sip (mod_sofia) Denial of Service via Route Header (FS-4627); FreeSwitch Bug Tracker; FS-4627
2010; ad0nis; RCA DCM425 Cable Modem - ‘micro_httpd’ Denial of Service (CVE-2010-1544); Exploit Database; CVE-2010-1544
Conference Presenter
2017; Aaron Pohl; Red Team Dev/Ops using Ansible; A2Y.ASM Security Conference 2017
Projects
NTLM Relay Gat
Companion tool for ntlmrelayx.py that allows for mass code execution, credential harvesting, and listing SMB shares and MSSQL databases. Designed for engagements with hundreds to thousands of active relayed sessions, helping operators find that needle in the haystack.
Ear Trumpet
Python/PowerShell PoC based off DigiNinja’s original ear_trumpet tool. Helps operators determine firewall rules between two endpoints.
Skills
Pentest & Consulting Services
External Network
Internal Network
Social Engineering
Red Teaming
Physical
Purple Teaming
Cloud
Web Application
Device/IoT
Pentest Skills
Port & Vulnerability Scanning
NTLM Relaying & Adversary-in-the-Middle Attacks
Exploitation
AV/EDR Evasion
Post-Exploitation
Active Directory Attacks
Password Attacks
Lateral Movement
Privilege Escalation
Coding Languages
Python
Bash
Ansible
C#
VBA
PowerShell
Batch
HTML
PHP
JS
C
C++
Operating Systems & Networking
Windows 95 - 11, Server 2000-2025
Linux/Unix (Ubuntu, Debian, Fedora, CentOS, Backtrack/Kali Linux, OS X)
General Networking, Network Security, and some IOS Experience
Other Skills
Lockpicking
Hobbies
- Computer Games
- D&D
- Karaoke