
Research Pipeline

Active investigations, planned research, and completed projects. Zero-day hunting with reproducible methodology — from surface mapping to CVE.

Active — 2 projects
active | GitHub Actions, CI/CD pipelines, AI coding agents | 2026-05 | Public Write-up

AI Agent Prompt Injection → Supply Chain

Mapping how prompt injection in AI coding agents cascades into credential theft, pipeline poisoning, and package registry compromise — without a single binary payload.

active | Multiple SEG vendors | 2026-04 | Public Write-up

Secure Email Gateway Sandbox Escape

When the email sandbox's automated link-clicking triggers real-world side effects. Cross-vendor analysis of SEG sandbox escape and SSRF-adjacent techniques.

Planned — 1 project
planned | AWS IAM, cross-account trust relationships | 2026-Q3 | Research Note

Cloud IAM Privilege Escalation Paths

Cataloging non-obvious IAM privilege escalation chains that survive typical CSPM rule sets. Focus on cross-account pivoting and resource-based policy abuse.

Completed — 2 projects
completed | Logsign Unified SecOps Platform (≤ v6.4.7) | 2024-06 | Public Write-up + Metasploit Module

Logsign Unified SecOps — Pre-Auth RCE Chain

Chained CVE-2024-5716 (auth bypass) and CVE-2024-5717 (command injection) into a Metasploit module achieving unauthenticated root RCE.

CVE-2024-5716, CVE-2024-5717

completed | xz utils 5.6.0–5.6.1, liblzma, systemd | 2024-03 | Public Write-up

xz Utils Backdoor — Build System Analysis

Technical breakdown of CVE-2024-3094: IFUNC hijacking, build-system manipulation, and SSH authentication bypass via compressed test files.

CVE-2024-3094

New projects are added as research progresses. Interested in collaborating?
Get in touch →