Cybersecurity, AI & Python Programming Blog

Pokémon TCG Pocket: Paradox Drive Expansion Coming Soon

thanks

2026-05-27 14:58:00

I am looking forward to this! This evening? Paradox Pokémon drift into Pokémon TCG Pocket as part of this new expansion coming May 27, 2026.

Read more about it here: Pokémon TCG Pocket: Paradox Drive Expansion Coming Soon

Essential Intel: Decoding the Recent Windows 11 BitLocker Bypass

thanks

2026-05-25 05:49:25

This Ars Technica breakdown offers a great resource for understanding the new YellowKey exploit, which exposes critical security flaws in default Windows 11 BitLocker.

Essential Intel: Decoding the Recent Windows 11 BitLocker Bypass

Contain Me If You Can CTF: Container Escape via a Plaintext Postgres Connection

ctf

2026-05-24 12:00:00 14 min read

Wiz Cloud Security Championship #2 writeup: sniff a plaintext PostgreSQL credential with tcpdump, get superuser RCE via COPY FROM PROGRAM, abuse passwordless sudo, and mount the host block device to read /flag.

Synaptic Sync CTF: AES-GCM Nonce Reuse and the Forbidden Attack

ctf

2026-05-23 16:00:00 18 min read

LevelUpCTF Synaptic Sync writeup: a deterministic AES-GCM nonce derived from the Node ID leaks the GHASH authentication key via the Joux forbidden attack, enabling arbitrary tag forgery and a duplicate-JSON-key command override.

RouteGuard Structural Audit CTF: CBC Bit-Flipping for Privilege Escalation

ctf

2026-05-23 15:00:00 12 min read

LevelUpCTF RouteGuard Structural Audit writeup: AES-CBC session tokens with no MAC, escalate guest to admin via a 5-byte IV XOR flip, brute-force 3 blocks x 12 offsets to locate the role field.

Perimeter Leak CTF: Bypassing an AWS Data Perimeter with Pre-Signed URLs

ctf

2026-05-23 14:00:00 14 min read

Wiz Cloud Security Championship Challenge 01 writeup: chain Spring Boot Actuator exposure, a method/header-forwarding /proxy SSRF, IMDSv2 credential theft, and offline S3 pre-signed URLs to bypass a VPC-bound AWS data perimeter.

SproutLogix Metadata Aggregator CTF: SSRF via Loopback Bypass

ctf

2026-05-23 12:00:00 9 min read

LevelUpCTF SproutLogix Heritage Metadata Aggregator SSRF writeup: bypass a localhost/127.0.0.1 string blocklist with a decimal-encoded loopback address (http://2130706433:5000/) to reach the internal heritage-vault endpoint.

Speakeasy Storage Audit CTF: NTFS Alternate Data Streams

ctf

2026-05-22 17:00:00 10 min read

LevelUpCTF Speakeasy Storage Audit forensics writeup: a Gourmet Access Key hidden in an NTFS Alternate Data Stream (ADS) attached to delivery_log.txt, base64-decoded out of a recovered disk metadata dump.

Heritage Keycard CTF: ret2win Through PTY Bad Bytes

ctf

2026-05-22 12:00:00 14 min read

LevelUpCTF Heritage Keycard ret2win writeup: 64-byte gets() overflow, x86-64 alignment via ret gadget, and LNEXT-escaping PTY-mangled bytes (0x16, 0x12, 0x1a) through a socat-fronted target.

Update README.md

github

2026-05-20 14:34:51

File: README.md
 DevOps          Terraform · nginx · systemd · Git · CI/CD
 ---
-### 📈 GitHub Stats
-
-<div align="center">
-
-![Mark's GitHub stats](https://github-readme-stats.vercel.app/api?username=nerdymark&show_icons=true&theme=dark&hide_border=true&bg_color=0d1117&title_color=00FF88&icon_color=00FF88&text_color=c9d1d9)
-&nbsp;&nbsp;
-![Top Languages](https://github-readme-stats.vercel.app/api/top-langs/?username=nerdymark&layout=compact&theme=dark&hide_border=true&bg_color=0d1117&title_color=00FF88&text_color=c9d1d9)
-
-</div>
-
 ---
 ### ⏱️ Milestones