n3ph0s - Void Protocols

Void Protocols

n3ph0s

Pwned Labs - Execute and Identify Credential Abuse in AWS

A public S3 bucket exposed credentials that led to IAM abuse, DynamoDB data exfiltration, cracked passwords, and successful AWS Console access via credential stuffing.

Breaking Things Beautifully: Learning Packer the Hard Way

Breaking Things Beautifully: Learning Packer the Hard Way

A journey of building automated Debian templates with Packer across multiple platforms. Navigating preseed configurations, platform-specific quirks, and integrating Ansible provisioning to create standardized, reproducible infrastructure builds.

Pwned Labs - Azure Recon with BloodHound

Using compromised Azure credentials, we deploy BloodHound to map the environment and discover role assignments. By enumerating custom security attributes via PowerShell and inspecting VM user data, we uncover hardcoded credentials leading to further access escalation.

Pwned Labs - Abuse Azure Logic App Automation

This lab walks through abusing overshared social media information and insecure Azure Logic App automation to gain initial access, escalate privileges, and compromise an M365 environment.

Pwned Labs - Azure Blob Container to Initial Access

A public Azure Blob container hosting a corporate website exposes versioned files. By enumerating blob versions via the REST API, we discover and retrieve a deleted PowerShell script archive containing hardcoded credentials for both Azure AD and Active Directory admin accounts.

Less is More: How I Declutter My Tech Stack Every Year

Less is More: How I Declutter My Tech Stack Every Year

Every year, I take some time to refresh my system build and workflows to ensure that my setup is optimized to streamline work and reduce friction. Conducting an annual review of your tools is more than just a routine task, it's a crucial practice for maintaining an efficient and productive workflow.

Pwned Labs - Abuse Cognito User and Identity Pools

A public git repository exposes an Android app's source code, revealing misconfigured Cognito pools. Chaining unauthenticated access, user creation, and Lambda SSRF leads to credential extraction and complete AWS compromise of Huge Logistics' cloud environment.

Pwned Labs - Leverage Writable S3 Bucket to Steal Admin Cookie

Compromised SSH credentials provide access to a web server. Discovering a publicly writable S3 bucket hosting frontend assets, we inject malicious JavaScript to steal admin session cookies via XHR requests, achieving session hijacking and accessing sensitive exported data.

Pwned Labs - Uncover Secrets in CodeCommit and Docker

A public Docker image exposes AWS credentials in environment variables. Enumerating CodeCommit with these credentials reveals a dev branch containing hardcoded keys in source code, granting access to an S3 bucket with sensitive data.

Pwned Labs - Bypass Restrictions in API Gateway

Leaked AWS keys enabled API Gateway policy abuse, removal of a prod IP restriction, redeployment, and unauthorized access to the production endpoint.

Pwned Labs - Leverage Insecure Storage and Backups for Profit

AWS credentials expose S3 buckets with SSH keys and EC2 password access. Pivoting via WinRM uncovers credentials leading to AD backups containing NTDS.dit and domain password hashes.

Pwned Labs - Assume Privileged Role with External ID

An exposed config.json file reveals AWS credentials, leading to enumeration of Secrets Manager. By extracting credentials, accessing CloudShell, and exploiting IAM role assumptions with an External ID, we escalate privileges to retrieve Huge Logistics' default payment card details.

Pwned Labs - Pillage Exposed RDS Instances

An exposed RDS MySQL instance is discovered through port scanning. Using Metasploit to brute-force credentials, we gain database access revealing weak passwords and unencrypted PII including customer names, emails, passwords, and credit card numbers stored in plaintext.

Pwned Labs - Plunder Public RDS Snapshots

Using only an AWS account ID, we enumerate public RDS snapshots to discover an exposed Aurora PostgreSQL cluster. By restoring the snapshot, resetting credentials, and accessing via EC2, we extract customer PII including usernames, passwords, and credit card numbers.

From Zero to K8s: Building Your First Kubernetes Cluster

From Zero to K8s: Building Your First Kubernetes Cluster

Step-by-step guide to building a three-node Kubernetes 1.30.2 cluster on Proxmox using Debian 12, containerd runtime, and Calico CNI. Covers installation, configuration, worker node joining, and deploying a test application with NodePort service exposure.

Pwned Labs - Abuse S3 Replication and Batch Ops to Exfiltrate Data

Compromised AWS credentials reveal S3 bucket permissions. By modifying S3 replication policies and batch operations, we exfiltrate data to an attacker-controlled bucket. Discovered credentials in the replicated data lead to Secrets Manager access, exposing AWS Organization root account credentials.

JupyterLab behind Nginx Reverse Proxy

JupyterLab behind Nginx Reverse Proxy

Step-by-step guide to installing and running JupyterLab on a Debian server, securing it with a systemd service, and configuring Nginx as a reverse proxy for remote access.

Tiling My Way to a Leaner, Faster Linux Setup

Tiling My Way to a Leaner, Faster Linux Setup

I ditched the desktop environment for a keyboard-driven tiling window manager gaining speed, focus, and total control over my workflow.

My Journey to Linux

My Journey to Linux

After 20 years on Apple, I switched to Linux and it’s been a revelation

Privacy Isn’t Optional

Privacy Isn’t Optional

Google’s promise to delete location data from sensitive places is a step in the right direction, but privacy is a fundamental right that goes far beyond isolated gestures, it’s about control, autonomy, and protecting our personal boundaries every day.

Failure is Learning

Failure is Learning

Experiencing failure isn’t the end, it’s a powerful part of learning. By embracing small mistakes, asking questions, and iterating, we deepen understanding, build persistence, and turn setbacks into opportunities for growth.

Have I Been Taking Notes Wrong All Along?

Have I Been Taking Notes Wrong All Along?

I discovered my old note-taking system wasn’t cutting it, and after trying the Zettelkasten method, my notes are now more connected, useful, and insightful than ever.

Protecting Patients vs. Protecting Systems

Protecting Patients vs. Protecting Systems

Hospitals should focus on saving lives, not security. While cyber risks are real, medical staff must prioritize patient care, often operating in environments full of outdated systems and exposed devices. Security is important, but it should not come at the cost of healthcare outcomes.

The Real Cost of a Data Breach

The Real Cost of a Data Breach

The true cost of a data breach goes far beyond stolen records. From legal fees and regulatory fines to reputational damage and lost company value, breaches are a business problem, not just a technical one.

Compliance Does NOT Equal Security!

Compliance Does NOT Equal Security!

Compliance may be mandatory, but it doesn’t equal security. True protection comes from a security-first mindset that evolves with threats, rather than relying solely on static standards and certifications.