Highlighted
Hacking a Xiongmai IoT Camera Disguised as an 'AI Birdfeeder' Rooting a cheap IoT camera through UART debugging, network analysis, and exploiting hardcoded credentials
Privilege Escalation Using AWS IAM Roles Anywhere Abuse open trust policies in AWS IAM Roles Anywhere for privilege escalation
AWS SSO Phishing Abusing AWS SSO device code authentication to phish credentials from organizations using AWS Single Sign-On.
AWS ECS attack methods A deep dive into AWS ECS internals and attack methodology
2026
Escaping Kubernetes-based GitHub Action Runners Escape a GitHub Self-Hosted Runner by abusing ARC's default docker-in-docker configuration
Building an LLM Discord Bot to Impersonate My Friend Using RAG and a local LLM to impersonate a Discord user based on their message history
2025
Hacking a Xiongmai IoT Camera Disguised as an 'AI Birdfeeder' Rooting a cheap IoT camera through UART debugging, network analysis, and exploiting hardcoded credentials
Privilege Escalation Using AWS IAM Roles Anywhere Abuse open trust policies in AWS IAM Roles Anywhere for privilege escalation
Aegis - A Serverless SSH Certificate Authority Aegis is a serverless SSH certificate authority on AWS Lambda that issues short-lived certificates via OIDC.
Self-Hosted Logging Pipeline Building a self-hosted monitoring pipeline with Ansible, Prometheus, Loki, and Grafana.
2024
DEFCON 32 Recap of DEFCON 32
Sharing AWS Internal Services with Private Link Sharing internal AWS applications using AWS Private Link
2023
Golang API With Dependency Injection An experiment into Golang API design patterns and dependency injection.
2022
GoLang Brainfuck Interpreter Building a Brainfuck interpreter in Go with a lexer, parser, and AST.
High Availability Discord Minecraft Bot Minecraft Bot in AWS that is controlled by Discord using highly scalable architecture.
Sorry hashicorp Exploring Terraform Enterprise and getting caught
AWS SSO Phishing Abusing AWS SSO device code authentication to phish credentials from organizations using AWS Single Sign-On.
2021
AWS ECS attack methods A deep dive into AWS ECS internals and attack methodology
Getting AWS creds via SSRF on rss.app Finding a vuln in rss.app that returns Ec2 instance profile credentials.
Kubernetes Cryptojacking Attacking Kubelet Api to gain access to a Kubernetes cluster but how do we Cryptojack?
Hacking the Software Engineering Club Conducted a Web pentest on the SJSU SEC club website.
A Quick Look At Pritunl VPN Looking at Pritunl internals in hopes of finding new bugs.
CVE-2020-27358 and CVE-2020-27359 A quick write-up on my first two CVEs.
2020
Welcome! Welcome to the new site!