Stories by christophetd

Building an NPM Worm (2016)

Stop worrying about 'allowPrivilegeEscalation'

Amazon ECS is the new EC2 for crypto mining

Partial bypass of the login rate limiting in the AWS Console

Cloud Breaches of 2022

Investigating a backdoored PyPI package targeting FastAPI applications

Identify malicious PyPI packages using static analysis and metadata heuristics

Demystifying the OpenSSL punycode vulnerability and exploitation walk-through

Using the Dirty Pipe Vulnerability to Break Out from Containers

"Stratus Red Team", an open-source adversary emulation tool for the cloud

Using Twitter to notify careless developers – the unorthodox way

Cloud Security Breaches and Vulnerabilities: 2021 in Review

GitHub taking down tools allowing defenders to reproduce the Log4j vulnerability

A one-pager for AWS announcements at re:Invent 2021

Compensation, rationality and the project/person fit (2012)

How to grab control: 4 tactics used by UI libraries

Phishing for AWS credentials via AWS SSO device code authentication

Show HN: A tool for painless automated backups

NSEInfo: a tool to easily search through the 500+ nmap's NSE scripts

Exploiting the code execution engine powering InterviewCake, CodeWars and others