My Blog
Write-ups from cloud pentesting, CTFs & AI red-teaming. Each post opens the full write-up on Medium.
- AWS
Bypass Restrictions in API Gateway
Using AWS API Gateway misconfigurations to gain unauthorized access to production environments.
- AWS
SSRF to Pwned
Exploiting a Server-Side Request Forgery (SSRF) vulnerability to extract sensitive files from an S3 bucket.
- AWS
Looting Public EBS Snapshots
Enumerating EBS snapshots and exfiltrating data.
- AWS
Escalate Privileges by IAM Policy Rollback
Exploiting IAM policy version control and password cracking zip files
- AWS
Assume Privileged Role with External ID
Using IAM policy and aws-enumerator to escalate privileges within an AWS environment.
- AWS
Identifying the AWS Account ID from a Public S3 Bucket
Understanding the s3-account-search tool.
- AWS
Hunting for Secrets in Git Repos
Discovering secrets hidden in a Git repository and using them to access an AWS S3 bucket.
- AWS
S3 Enumeration Basics
CTF-style challenge focused on S3 enumeration and credential exfiltration.
- AWS
Intro to AWS IAM Enumeration
Get comfortable with AWS Identity and Access Management (IAM) using the AWS CLI.
- AI
Prompt Hacking Gandalf AI
Use prompt injection to bypass Gandalf AI.
- TryHackMe
TryHackMe W1seGuy
CTF style cryptography challenge that focuses on the XOR operator.
- TryHackMe
Tryhackme Traverse
CTF style application security challenge that includes API hacking, python scripting, and command injection.
- TryHackMe
Tryhackme Uranium CTF
Explore OSINT, phishing, wireshark forensics, and SUIDs.
- TryHackMe
Tryhackme Brooklyn Nine Nine
Exploiting anonymous ftp login, steganography, and Linux privilege escalation.
- TryHackMe
Tryhackme Attacktive Directory
Exploiting an active directory domain controller.
- TryHackMe
Tryhackme Looking Glass
Cryptography, Linux enumeration, lateral and vertical privilege escalation.
- TryHackMe
Tryhackme NerdHerd
Exploiting ftp anonymous login, smb enumeration, vigenère ciphers, and a Linux kernel privilege escalation.
- TryHackMe
Tryhackme Git Happens
Enumerating a public git repository.
- TryHackMe
Tryhackme Kenobi
Samba enumeration, ftp exploitation, and linux privilege escalation.
- TryHackMe
Tryhackme Wonderland
Explore python library hijacking, Linux enumeration, and privilege escalation.
- TryHackMe
Tryhackme Inclusion
Practice with Local File Inclusion (LFI) attacks.
- TryHackMe
Tryhackme Easy Peasy
Practice locating a hidden directory to get initial access to a vulnerable machine, and escalating privileges using a crontab.