HTB: DevArea
- Category
- HTB Writeup
- Date
Medium Linux box. SOAP XOP/MTOM file read leaks Hoverfly creds from a systemd unit file. Middleware RCE gives a shell as dev_ryan. World-writable /usr/bin/bash + sudo syswatch.sh = root.
NEO // Writing
Security research, red team notes, and engineering writeups.
Git leak to portal creds. fontTools arbitrary file write drops a webshell, FontForge ZIP command injection pivots to user, setuptools path traversal writes root's SSH key. Three CVEs, full chain.
Blind SQLi in ZoneMinder leaks bcrypt hashes. Crack one, SSH in, find motionEye running as root on localhost.
Exploiting a Chrome extension upload portal to achieve browser-context SSRF, Bash arithmetic injection for RCE, and Python .pyc cache poisoning for root.
A Windows AD machine where every step is mundane — guest SMB, hardcoded credentials, a missing DNS record, an unsanitized string. None of it exotic. All of it enough.