About
Founder of PlatformSecurity and veteran security expert with over a decade of experience in offensive security. Recognized penetration testing specialist who has uncovered critical vulnerabilities in Fortune 500 companies, cloud infrastructure, and enterprise applications. Expert in red team operations, cloud security, and vulnerability research with a track record of responsible disclosures and high-impact security findings.
Articles by Matthew Keeley
How to Secure Your Claude Enterprise Tenant: A Settings-by-Settings Configuration Guide
A practical, settings-by-settings hardening guide for Claude Enterprise. Use it as a security checklist to configure identity, data privacy, connectors, code execution, logging, and governance controls.
Turns Out the ‘AI Won’t Take My Job’ Slide Was a Mistake
In 2023 I wrote a post about a sort-order oracle that leaks a redacted password hash. In 2026 I handed the same lab to Claude Code with zero hints and watched it find the whole bug in 2 minutes.
So You Put Your Secrets in GitHub. Bold Move.
GitHub Actions often holds the keys to your entire infrastructure, yet rarely gets the scrutiny it deserves. This post walks through the two main attack paths: clone-and-scan for secrets in repo content and history, and workflow injection to exfiltrate secrets at runtime. It also gives practical steps to lock down your pipelines before a leaked token becomes a full compromise.
React2Shell for Serverless Lambda Functions
Existing scanners miss CVE-2025-55182 in serverless Lambda deployments. While traditional RCE is blocked by Webpack bundling, the vulnerability enables Server Side JavaScript Injection (SSJI) that can exfiltrate AWS credentials, which is often more dangerous than shell access in cloud environments.
GCP Service Account That Read Everything
A short story about Artifact Registry reader access, container images, and why build history quietly leaks secrets.
Hawk: Credential Harvesting in WRCCDC
How a tiny ptrace bird turned into a credential avalanche. The story of building Hawk, a lightweight Golang tool that silently intercepts SSH and sudo credentials in real time, and why it dominates in competitive red team exercises.
The Anatomy of a Phishing Landing Page
A research-driven look into how attackers construct phishing landing pages that mimic Microsoft federated login portals, and what defenders can do about it.
Redshift Authentication is a UX Dumpster Fire
Redshift authentication sounds simple until you try to make it secure and usable at scale. This post dives into the broken state of IAM, in-database users, and the messy tradeoffs data and platform teams face daily.
Hosting at Scale for $4/mo
715k requests in a week on a $4 VPS. Here's how we pulled it off with Cloudflare, Kubernetes, and a little obsession with optimization.
How I Used AI to Create a Working Exploit for CVE-2025-32433 Before Public PoCs Existed
A step-by-step walkthrough of how I leveraged AI to analyze, understand, and exploit the Erlang SSH pre-authentication vulnerability (CVE-2025-32433) without any existing public proof of concept. Learn how AI is transforming vulnerability research and exploit development.
ML Evasion: Tricking AI Models
What is an evasion attack? How adversaries trick ML models with white-box, gray-box, black-box, and transfer attacks. Examples and code. From PlatformSecurity.
ZBT WE1626 Router CVEs (CVE-2022-45551)
A detailed analysis of three critical vulnerabilities discovered in the ZBT WE1626 Wireless Router, including unauthenticated remote code execution, insufficient debug interface protection, and UART interface vulnerabilities.
Building an AppSec Program (Part 1 of 4)
A comprehensive guide to building an application security program from the ground up, covering team structure, roles, metrics, KPIs, and best practices for scaling security with your organization.
Hawk's Prey: Snatching SSH Credentials
Introducing Hawk, a Golang tool for monitoring /proc to capture SSH, SU, Sudo, and Passwd credentials on Linux systems in real time, designed for red team operations and network privilege escalation.
RDS + AD Credentials via Python and JDBC
A guide to accessing hundreds of RDS databases at scale using Python, JDBC, and Active Directory credentials, with practical code examples and solutions.
NIST CSF 2.0: Updates and How to Prepare
Exploring the key updates in NIST CSF 2.0, including supply chain security, emerging technology risks, governance tiers, and enhanced risk management communication.
Hacking Android Apps With Frida
A practical guide to using Frida for dynamic analysis of Android applications, including how to intercept and extract AWS credentials from mobile apps.
Little Bug, Big Impact: $25K Bounty
How I discovered hardcoded Stripe API keys in JavaScript source maps, leading to a $25,000 bug bounty and critical security improvements.
So You Found Auth0 Secrets, Now What?
A guide to exploiting Auth0 credentials discovered through LFI vulnerabilities, from generating JWT tokens to compromising Azure AD connections and escalating access.
Hacking SEO with AI-Generated Content
Learn how to leverage AI-generated content with GPT-4 and WordPress API to boost SEO rankings and drive traffic to your website through automated content creation.
Sorting Your Way to Stolen Passwords
A unique vulnerability that allows password hash extraction through sort-order inference, even when hashes are redacted, plus a character-by-character method to crack SHA256 hashes and a rate-limit-aware approach using rockyou.txt.