Writeups
Public vulnerability research, disclosure writeups, and class-of-vuln deep dives. Client identifiers from confidential engagements are redacted; technical substance is preserved.
FileGator v7.14.0 — Privilege Escalation via Unvalidated chmod Endpoint
A low-privileged authenticated user with the chmod permission could set arbitrary Unix special permission bits (setuid, setgid, sticky) on any file or directory they could reach across all three storage adapters (Local, SFTP, FTP). With one recursive call, the entire repository tree could be flipped to setuid root.
Starlette — Form-Parser Limits Silently Ignored for URL-Encoded Bodies
Starlette's Request.form() advertises max_fields, max_files, and max_part_size as resource-consumption guards. They are correctly enforced for multipart/form-data but quietly dropped on the application/x-www-form-urlencoded path, so any FastAPI or Starlette app that calls request.form() and accepts URL-encoded bodies is exposed to a one-request event-loop-blocking DoS.
From Domain User to Golden Ticket — PetitPotam → AD CS ESC8 → DCSync
A full internal Active Directory compromise chain, walked end-to-end. Starting from an unprivileged domain account on a three-DC Windows Server 2019 forest, the assessment coerced a Domain Controller into authenticating against an attacker-controlled SMB relay, relayed the NTLM auth to AD Certificate Services, obtained a machine certificate, used it to issue a TGT, and dumped krbtgt — closing with a Golden Ticket for indefinite, log-quiet Domain Admin persistence.
Sequelize Raw-Query SQL Injection via the Sort Parameter
Sequelize is the default ORM for most Node.js teams, and almost every team using it has at least one place where they reach past the parameterised API and write a raw query — typically to handle a feature the high-level API doesn't ergonomically support, like ORDER BY on a user-supplied column. That single shortcut is where the SQLi sneaks in. Walked end-to-end against a PostgreSQL backend serving PHI: error-based exfiltration in one path and time-based blind in another, both from the same root cause.
One-Click Account Takeover via OAuth Implicit Flow and Lax Redirect URI Validation
Azure AD tenants that still allow the OAuth 2.0 implicit grant — paired with redirect URI lists that accept arbitrary domains, or with hosts in the allow-list that proxy redirects — give an attacker a single-link account takeover. The victim clicks a normal Microsoft login URL, authenticates against their real tenant, and the access token is delivered to an attacker-controlled domain in the URL fragment of the response.
Angular bypassSecurityTrustHtml + Missing httpOnly = Session Hijack on a PHI App
Angular ships a sanitiser specifically to keep developers out of trouble. Calling bypassSecurityTrustHtml() turns that protection off for the rest of the request lifecycle, and most codebases that reach for it do so without grasping how complete the bypass is. Combine that with an auth-token cookie that's missing the httpOnly attribute, and the result is a single stored payload that exfiltrates every viewer's session — including the administrators reviewing the affected record. Walked end-to-end on a HIPAA-scope application; client identifiers redacted.
Auditing Firebase — Open Registration + Permissive Firestore Rules = Full Production CRUD
Firebase makes shipping a backend a forty-minute exercise. It also makes shipping the wrong backend a forty-minute exercise. The single most common misconfiguration I encounter against Firebase-fronted applications is the combination of open user registration (left enabled from the dev phase) and Firestore security rules that grant blanket access to authenticated users. Together they collapse the entire production database into something any internet user can read, write, and delete. Walked end-to-end against a real production instance, sanitised.
A Nine-Agent Bedrock Security Pipeline for Every Pull Request
Notes from designing and shipping a multi-agent LLM security pipeline that runs on every pull request — SAST, semantic logic, secrets, SCA reachability, API security, CI/CD supply chain, threat-model drift, with an adversarial validator behind it all and a deterministic Python quality gate that the model cannot influence. Covers the prompt engineering, the safeguards against LLM manipulation, the dual-LLM cascade economics, and the production lessons that took half a dozen iterations to learn.
The Axios npm Supply-Chain Attack — One Org's Twenty-Four Hours
On March 31, 2026, two compromised versions of the axios package were published to npm carrying a hidden cross-platform RAT attributed to BlueNoroff (a Lazarus Group subunit). This is the incident-response narrative from inside one organisation that was in scope and survived without compromise — what we did between the public disclosure landing in our Slack and the final containment ticket closing the next afternoon. Times, evidence, decisions, the gaps we found in our own visibility along the way.
Bypassing AWS WAF's 8 KB Body Inspection Limit for Stored XSS
AWS WAF inspects only the first 8 KB of a request body by default. A modest image upload endpoint, fronted by an otherwise solid WAF rule set, can be coerced into accepting a stored XSS payload by padding the request past that threshold and parking the script tag in the bytes the inspector never sees. The payload then sits in object storage and waits to be served back.