April 22, 2024
Public disclosure of a vulnerability in AWS Amplify that allowed IAM roles associated with Amplify projects to be assumed by anyone in the world.
April 3, 2023
Writeup for two minor cross-tenant vulnerabilities I found in AWS App Runner.
March 27, 2023
Writeup for a technique I found to leak an AWS account ID from an Amplify app.
November 21, 2022
Datadog: Technical analysis of a confused deputy vulnerability I found in AWS AppSync.
November 1, 2022
Datadog: A technical analysis of the OpenSSL punycode vulnerability.
September 16, 2021
Revisiting and building on the original Lambda persistence technique.
June 3, 2021
Writeup for a cross-site scripting bug I found in the AWS Console.
January 27, 2021
Research on post-exploitation techniques against SSM Agent abusing send-command and start-session.
October 17, 2020
Writeup for a bug I discovered in the AWS API that would allow you to enumerate certain permissions for a role without logging to CloudTrail.
August 11, 2020
Tunnel out of restricted security groups by abusing connection tracking.
July 11, 2020
Some research I did on abusing GitLab Runners to steal information by emulating a runner's behavior.
May 10, 2020
Writeup for CVE-2020-11108 covering how I found the vulnerability and how it can be exploited for fun/profit.
February 23, 2020
Demonstrating how to exploit deserialization attacks in Python 2/3.
January 11, 2020
A guide on how to intercept Linux CLI tool traffic with Burp Suite.
September 4, 2019
A guide to bypass the GuardDuty PenTest Finding Type.
July 1, 2019
A guide on how to steal IAM role keys and use them without being detected.
December 3, 2018
An in-depth overview of the Content Security Policy header.
October 4, 2018
Some advice based on my experience with Angular Universal.