- Github Actions - Supply Chain Attacks- Discussion of the recent tj-actions/changed-files action compromise, and how we could prevent it. 
- Privilege Escalation in EC2, using Session Manager- The dangers of granting ssm:StartSession permissions to your EC2 instances 
- Static Password Protected Posts, pt. 2- Some updates on my original post about encrypted content for this blog 
- Password Protecting Blog Posts WebCrypto!- A process to password protect blog posts in my static site, using encryption to keep the contents secure. 
- Using Certificate Transparency Logs for DNS Enumeration- A tool for enumerating DNS records using cert transparency and dictionary files 
- iPhone Backup Tools v2- Introducing a new version of my iOS backup tools, now featuring decryption. Written in rust. 
- Common Web App Security Bugs and where to find them- A (non-exhaustive) list of common web security bugs with examples, including XSS and command injection. 
- Reverse Engineering some Wordpress Malware- Wordpress Hardening & Reverse engineering some wordpress malware 
- Root Shell on your Drone!- Syma X5SW - Getting a root shell, streaming video, taking pictures, and more! 
- iOS Backup Information Extractor Tool Updated- I've updated my tool to extract tons of useful data from iOS backups 
- Reverse Engineering the iOS Backup- Explore the format of iOS backups and ways to extract data. 
