PinnedMatthew KeeleyinProDefenseSo you found Auth0 secrets, now what?Advanced Exploitation Techniques with Auth0 CredentialsDec 11, 20231Dec 11, 20231
PinnedMatthew KeeleyinProDefenseLittle bug, Big impact. 25k bountyIntroductionFeb 24, 20238Feb 24, 20238
Matthew KeeleyinProDefenseBuilding an AppSec Program: Part 1 of a 4-Part Series on Application SecurityHi there! You might know me from my technical deep dives into pentesting, exploit development, and zero-day research. Today, I’m shaking…Jun 20Jun 20
Matthew KeeleyinProDefenseHawk’s Prey: Snatching SSH CredentialsCrafted in Golang, Hawk not only captures administrative credentials used by sshd, sudo, passwd, and su services but also exfiltrates them!Apr 26Apr 26
Matthew KeeleyinProDefenseHacking Android Apps With FridaFinding AWS Credentials in Android AppsFeb 26Feb 26
Matthew KeeleyinProDefenseHacking the internet (literally)This week I published a new tool called GitScanner. Its a basic tool, that scans domains for publicly exposed .git folder.Sep 15, 20231Sep 15, 20231
Matthew KeeleyinProDefenseHacking SEO: Getting to the Top with AI-Generated ContentHow to make your website the TOP Google search.Aug 6, 2023Aug 6, 2023
Matthew KeeleyinProDefenseAccessing Hundreds of RDS Databases with AD Credentials Using Python and JDBCOvercoming Network Domain Authentication Challenges to Achieve Large-Scale Database AccessAug 5, 2023Aug 5, 2023
Matthew KeeleyinProDefenseHow Abusing AWS CloudFormation Led to a Total Takeover of an AWS EnvironmentAttacking AWS CloudFormationJul 1, 2023Jul 1, 2023
Matthew KeeleyinProDefenseSorting Your Way to Stolen PasswordsStealing password hashes using a character-by-character comparison methodMay 8, 2023May 8, 2023