Blog Posts

• 06 May 2024 » Implicit SAR -- Summary
• 06 May 2024 » Implicit SAR -- Attacking the Confused Deputy
• 06 May 2024 » Implicit SAR -- Modifying Session State
• 06 May 2024 » Implicit SAR -- Bypassing Session Expirations and Revocations
• 06 May 2024 » Implicit SAR -- IAM Evaluation with Implicit Self Assume Role
• 06 May 2024 » Implicit SAR -- IAM Evaluation
• 06 May 2024 » Implicit SAR -- Overview
• 16 Mar 2022 » Bypassing CDN WAF's with Alternate Domain Routing
• 07 Feb 2022 » Personal Coding Projects
• 04 Dec 2020 » Deja Vu in the Cloud
• 27 Nov 2020 » Backdooring User Data
• 22 Nov 2020 » Bridging the gap between code and serverless
• 18 Nov 2020 » Resume
• 15 Nov 2020 » Thoughts on Terraform and Design
• 15 Nov 2020 » Thoughts on Serverless
• 15 Nov 2020 » Thoughts on Kubernetes
• 13 Nov 2020 » VirtualBox NAT and your Loopback Interface
• 13 Nov 2020 » That time I complained about OpenBSD Package Signing and They Fixed It
• 02 Nov 2020 » Cross Cloud Lambda RPC
• 19 Oct 2020 » AWS IMDS Persistence/Priv Escalation
• 18 Oct 2020 » SSM Parameter Store Permissions
• 17 Oct 2020 » Attacking the AWS SDK
• 17 Oct 2020 » Abusing The Aws Sdk
• 08 Feb 2020 » This one weird trick to bypass IP filtering
• 24 Nov 2019 » Japan
• 09 Oct 2019 » TorCamp 2012
• 08 Jun 2019 » Malicious vagrant boxes
• 24 May 2019 » Backdooring Route 53 With Cross Account DNS