ls -la /blog/

Security Research & Insights

Technical deep-dives, vulnerability research, and insights from our offensive security experts.

newsletter — subscribe

$cat /private/newsletter

[+]Private vulnerability disclosures before public release

[+]Exclusive security research not on the public blog

[i] No spam. Unsubscribe anytime. Join 500+ security professionals.

platformsecurity://blog/44 files

Application Security

So You Put Your Secrets in GitHub. Bold Move.

GitHub Actions often holds the keys to your entire infrastructure, yet rarely gets the scrutiny it deserves. This post walks through the two main attack paths: clone-and-scan for secrets in repo content and history, and workflow injection to exfiltrate secrets at runtime. It also gives practical steps to lock down your pipelines before a leaked token becomes a full compromise.

Matthew Keeley43 min read

C2 from Scratch Part 2: Server & Deployment

Routing commands through the server, building CLI and GUI operators, generating implants on-the-fly, and packaging everything with Docker.

PlatformSecurity Team15 min read

C2 from Scratch Part 1: Architecture, mTLS & Rust

A deep dive into building Avocado C2: designing the communication protocol, implementing mutual TLS, and writing a cross-platform implant in Rust.

PlatformSecurity Team13 min read

React2Shell for Serverless Lambda Functions

Existing scanners miss CVE-2025-55182 in serverless Lambda deployments. While traditional RCE is blocked by Webpack bundling, the vulnerability enables Server Side JavaScript Injection (SSJI) that can exfiltrate AWS credentials, often more dangerous than shell access in cloud environments.

Matthew Keeley11 min read

2026: The Year of the Vibecode

An observation of how vibe coding is going to reshape software creation in 2026 and beyond, and how the entire software engineering role will be redefined in the age of AI systems.

Alexander Aviles5 min read

GCP Service Account That Read Everything

A short story about Artifact Registry reader access, container images, and why build history quietly leaks secrets.

Matthew Keeley4 min read

Hawk: Credential Harvesting in WRCCDC

How a tiny ptrace bird turned into a credential avalanche. The story of building Hawk, a lightweight Golang tool that silently intercepts SSH and sudo credentials in real time, and why it dominates in competitive red team exercises.

Matthew Keeley8 min read

Why Tech Giants Stay Tech Giants

When an incident strikes, organizations turn to those who know best, those that do it best. This article provides a singular example of how despite any sort of bad press, Tech Giants stay Tech Giants for a reason.

Alexander Aviles4 min read

The Anatomy of a Phishing Landing Page

A research-driven look into how attackers construct phishing landing pages that mimic Microsoft federated login portals, and what defenders can do about it.

Matthew Keeley8 min read

Platform Security's Game of Cat and Mouse

A case study on the ToolShell SharePoint exploit chain, exploring how persistent zero-days, patch delays, and organizational gaps turn platform security into an endless pursuit between attacker and defender.

Alexander Aviles5 min read

Redshift Authentication is a UX Dumpster Fire

Redshift authentication sounds simple until you try to make it secure and usable at scale. This post dives into the broken state of IAM, in-database users, and the messy tradeoffs data and platform teams face daily.

Matthew Keeley15 min read

Vulnerability Research

Modernization of Misinformation

An analysis of how misinformation spreads in the digital age, examining the recent 16 billion password dataset discovery and how media outlets distorted the facts for sensationalism and clicks.

Alexander Aviles10 min read

Hosting at Scale for $4/mo

715k requests in a week on a $4 VPS. Here's how we pulled it off with Cloudflare, Kubernetes, and a little obsession with optimization.

Matthew Keeley5 min read

Vulnerability Research

CVE-2025-32433: AI-Built Exploit Before Public PoCs

A step-by-step walkthrough of how I leveraged AI to analyze, understand, and exploit the Erlang SSH pre-authentication vulnerability (CVE-2025-32433) without any existing public proof of concept. Learn how AI is transforming vulnerability research and exploit development.

Matthew Keeley7 min read

Vulnerability Research

Ingress-NGINX RCE (CVE-2025-1974)

CVE-2025-1974 allows unauthenticated remote code execution in Kubernetes Ingress-NGINX by abusing unsanitized annotations. Dive deep into the vulnerability mechanics, proof-of-concept, real-world applicability, and mitigations.

Platform Security Team4 min read

Escaping the Sandbox: A Security Wake-Up

A case study on how a kernel vulnerability shattered assumptions about container security, exposing the need for deeper isolation and architectural redesign.

Diego Martinez3 min read

ML Evasion: Tricking AI Models

What is an evasion attack? How adversaries trick ML models with white-box, gray-box, black-box, and transfer attacks. Examples and code. From PlatformSecurity.

Matthew Keeley12 min read

Penetration Testing

PCI DSS Pentesting: Requirements & Compliance

PCI DSS penetration testing: requirements, scope, who must comply, how to satisfy assessors. Requirement 11.3 explained. Practical guidance for PCI pentests.

PlatformSecurity Team5 min read

Penetration Testing

How to Prepare for a Penetration Test

Get the most from your penetration testing engagement. A step by step guide to scope, access, contacts, and timing so your pen test delivers actionable results without surprises.

PlatformSecurity Team4 min read

Penetration Testing

Pentesting vs Vulnerability Scanning: The Difference

Pentesting and vulnerability scanning are often confused. Learn the key differences, when to use each, and how they fit into a complete security program for networks, applications, and cloud.

PlatformSecurity Team4 min read

Red vs Purple vs Blue Team: Which Do You Need?

Red team vs blue team vs purple team: what each does, when to use which, and how to choose. Compare offensive security, detection tuning, and when to get an assessment. Practical guide.

PlatformSecurity Team5 min read

Cloud Security Checklist for CTOs

A high level cloud security checklist for technology leaders. Focus on IAM, resource visibility, and attack path analysis to protect your AWS, Azure, or GCP environment.

PlatformSecurity Team2 min read

Application Security

Choosing a Security Company for Your Org

Not all security companies are the same. Learn what to look for in a partner, from technical expertise to communication style, to ensure you get real security value.

PlatformSecurity Team2 min read

Penetration Testing

Network Security for Modern Enterprise

Modern network security solutions go beyond firewalls. Explore zero trust, segmentation, and the importance of offensive testing in protecting enterprise infrastructure.

PlatformSecurity Team2 min read

Vulnerability Research

ZBT WE1626 Router CVEs (CVE-2022-45551)

A detailed analysis of three critical vulnerabilities discovered in the ZBT WE1626 Wireless Router, including unauthenticated remote code execution, insufficient debug interface protection, and UART interface vulnerabilities.

Matthew Keeley, Ryan Jones12 min read

The Value of Offensive Security Services

Offensive security services help you find weaknesses before attackers do. Learn how penetration testing and red teaming provide measurable security improvements.

PlatformSecurity Team2 min read

Application Security

Building an AppSec Program (Part 1 of 4)

A comprehensive guide to building an application security program from the ground up, covering team structure, roles, metrics, KPIs, and best practices for scaling security with your organization.

Matthew Keeley12 min read

Application Security

Secure Systems Design: Best Practices

Building secure systems requires a proactive approach to architecture. Learn the core principles of security engineering and how to build resilience into your products.

PlatformSecurity Team2 min read

Hawk's Prey: Snatching SSH Credentials

Introducing Hawk, a Golang tool for monitoring /proc to capture SSH, SU, Sudo, and Passwd credentials on Linux systems in real-time, designed for red team operations and network privilege escalation.

Matthew Keeley5 min read

Application Security

App Pentesting vs API Security Testing

Understand the differences between application penetration testing and API security testing. Learn why modern apps need both to protect against OWASP Top 10 and logic flaws.

PlatformSecurity Team2 min read

RDS + AD Credentials via Python and JDBC

A guide to accessing hundreds of RDS databases at scale using Python, JDBC, and Active Directory credentials, with practical code examples and solutions.

Matthew Keeley4 min read

Red Teaming in Incident Response

Red teaming services are not just about finding bugs. Learn how they help train your incident response team and improve your ability to detect and contain real world attacks.

PlatformSecurity Team2 min read

Application Security

NIST CSF 2.0: Updates and How to Prepare

Exploring the key updates in NIST CSF 2.0, including supply chain security, emerging technology risks, governance tiers, and enhanced risk management communication.

Matthew Keeley5 min read

Hacking Android Apps With Frida

A practical guide to using Frida for dynamic analysis of Android applications, including how to intercept and extract AWS credentials from mobile apps.

Matthew Keeley4 min read

Cloud Security Trends and Challenges in 2026

Explore the emerging trends in cloud security for 2026. From AI driven attacks to the importance of specialized cloud security services in protecting complex environments.

PlatformSecurity Team2 min read

Penetration Testing

Pentesting for Startups: A Guide

Startups often put off security testing due to cost or speed. Learn why penetration testing is essential for early stage companies and how to scope a pen test that fits your budget.

PlatformSecurity Team2 min read

Vulnerability Research

Little Bug, Big Impact: $25K Bounty

How I discovered hardcoded Stripe API keys in JavaScript source maps, leading to a $25,000 bug bounty and critical security improvements.

Matthew Keeley4 min read

Vulnerability Research

Zero Day Research: Finding Unknown Vulns

Zero day research is the hunt for previously unknown security flaws. Learn how researchers find vulnerabilities and why this work is critical for securing modern software.

PlatformSecurity Team2 min read

So You Found Auth0 Secrets, Now What?

A guide to exploiting Auth0 credentials discovered through LFI vulnerabilities, from generating JWT tokens to compromising Azure AD connections and escalating access.

Matthew Keeley9 min read

Application Security

Cyber Liability Insurance Cost Surge

Exploring the rising costs of cyber liability insurance, the data driving premium increases, and how organizations can navigate the complex landscape of cyber risk management.

Tom Kelly4 min read

Hacking SEO with AI-Generated Content

Learn how to leverage AI-generated content with GPT-4 and WordPress API to boost SEO rankings and drive traffic to your website through automated content creation.

Matthew Keeley5 min read

DLL Sideloading: Legitimate Software Abused

How DLL sideloading works, how to find and abuse it, and how to detect it. Step-by-step Windows guide with Process Monitor and real red team examples.

Nathan Smith35 min read

Penetration Testing

Sorting Your Way to Stolen Passwords

A unique vulnerability that allows password hash extraction through sort-order inference, even when hashes are redacted, plus a character-by-character method to crack SHA256 hashes and a rate-limit-aware approach using rockyou.txt.

Matthew Keeley12 min read

AWS CloudFormation Abuse to Full Environment Takeover

A detailed walkthrough of a privilege escalation attack chain exploiting AWS CloudFormation and IAM PassRole permissions to gain administrative access to an AWS environment.

Austin Ballard4 min read