Blog
From Pyjail to Full ECR Control
#Pyjail #AWS #ECS #ECR #Cloud Security
In this post, I will share my journey of how I went from a Pyjail sandbox to full control over an AWS ECR repository. This process involved several steps, including exploiting a misconfigured Pyjail, gaining access to the underlying ECS container, and finally obtaining full control over the ECR repository.
August 2, 2025
Into the Skies
#Web Exploit #AWS #SSRF #Metadata #Cloud Security #Terraform
In this blog post, we will explore a web challenge called “Into the Skies” that highlights a server-side request forgery (SSRF) attack in a web application via HTML injection to leak AWS EC2 instance metadata. The challenge begins with a web application that lets users upload their boarding pass information and generates a PDF file from it. One of the entries is an image supplied by URL, which the application fetches and displays in the PDF. The challenge is to upload a boarding pass with an image that triggers an SSRF attack to leak AWS EC2 instance metadata.
June 18, 2025
Escape The Flight Simulator
#Container Security #Docker #Docker Escape
In this blog post, we will explore a challenge from MetaCTFv6 called “Escape the Flight Simulator”. The challenge involves exploiting a distroless Docker image to read files from the container without having shell access. This is a common scenario in container security where attackers may try to gain unauthorized access to sensitive information within a containerized environment.
June 18, 2025