Revisiting Lambda Persistence

September 16, 2021

Revisiting and building on the original Lambda persistence technique.

XSS in the AWS Console

June 3, 2021

Writeup for a cross-site scripting bug I found in the AWS Console.

Intercept SSM Agent Communications

January 27, 2021

Research on post-exploitation techniques against SSM Agent abusing send-command and start-session.

Enumerate AWS API Permissions Without Logging to CloudTrail

October 17, 2020

Writeup for a bug I discovered in the AWS API that would allow you to enumerate certain permissions for a role without logging to CloudTrail.

Abusing AWS Connection Tracking

August 11, 2020

Tunnel out of restricted security groups by abusing connection tracking.

Abusing GitLab Runners

July 11, 2020

Some research I did on abusing GitLab Runners to steal information by emulating a runner's behavior.

CVE-2020-11108: How I Stumbled into a Pi-hole RCE+LPE

May 10, 2020

Writeup for CVE-2020-11108 covering how I found the vulnerability and how it can be exploited for fun/profit.

Escalating Deserialization Attacks (Python)

February 23, 2020

Demonstrating how to exploit deserialization attacks in Python 2/3.

Intercept Linux CLI Tool Traffic

January 11, 2020

A guide on how to intercept Linux CLI tool traffic with Burp Suite.

Bypass GuardDuty PenTest Alerts

September 4, 2019

A guide to bypassing the GuardDuty PenTest Finding Type.

Hijacking IAM Roles and Avoiding Detection

July 1, 2019

A guide on how to steal IAM role keys and use them without being detected.

IDOR Attacks

June 4, 2019

An introduction to IDOR attacks.

Security Headers: Content Security Policy

December 3, 2018

An in-depth overview of the Content Security Policy header.

Angular Universal: Some Insights

October 4, 2018

Some advice based on my experience with Angular Universal.

OSCP Review

July 23, 2018

My thoughts and experiences with the OSCP.