# Researchs ## Researchs - [About Me](https://seg-fault.gitbook.io/researchs/about-me.md) - [Bypassing DEP - Increasing the Gap](https://seg-fault.gitbook.io/researchs/bypassing-dep-increasing-the-gap.md): This blog talks about how to use WriteProcessMemory API Call for executing shellcode in a scenario where there is very less gap between shellcode and WriteProcessMemory call skeleton - [Hijacking Cloud CI/CD Systems for Fun and Profit](https://seg-fault.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit.md): This research details a new technique that can be used by threat actors for supply chain attacks on open-source repositories using GCP, Azure and AWS. - [Found some Access Keys?](https://seg-fault.gitbook.io/researchs/found-some-access-keys.md) - [AWS Cloud Researchs](https://seg-fault.gitbook.io/researchs/aws-cloud-security/aws-cloud-researchs.md) - [AWS and the Secrets Exposed on Public ECR Repository](https://seg-fault.gitbook.io/researchs/aws-cloud-security/aws-cloud-researchs/aws-and-the-secrets-exposed-on-public-ecr-repository.md): This article shows some insights into how many secrets are exposed in public ECR in AWS and how a threat actor is just a container away to get their hands on those secrets. - [Hacking API Gateway](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-api-gateway.md) - [API Gateway - Security](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-api-gateway/api-gateway-security.md) - [API Gateway API Calls](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-api-gateway/api-gateway-api-calls.md) - [Hacking S3](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-s3.md) - [S3 - Security](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-s3/s3-security.md) - [S3 API Calls](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-s3/s3-api-calls.md) - [Hacking Cognito](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-cognito.md) - [Cognito - Security](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-cognito/cognito-security.md) - [Cognito - API Calls](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-cognito/cognito-api-calls.md) - [Hacking Lamda](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-lamda.md) - [Lambda - Security](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-lamda/lambda-security.md) - [Lambda - API Calls](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-lamda/lambda-api-calls.md) - [Hacking Cloudbuild](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-cloudbuild.md) - [Cloudbuild - Security](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-cloudbuild/cloudbuild-security.md) - [Cloudbuild - API Calls](https://seg-fault.gitbook.io/researchs/aws-cloud-security/hacking-cloudbuild/cloudbuild-api-calls.md) - [AWS Services](https://seg-fault.gitbook.io/researchs/aws-cloud-security/aws-services.md) - [Exploit Development](https://seg-fault.gitbook.io/researchs/windows-security-research/exploit-development.md) - [RTCore64.sys - CVE-2019-16098](https://seg-fault.gitbook.io/researchs/windows-security-research/exploit-development/rtcore64.sys-cve-2019-16098.md): This blog details the methodology and the approach used against developing exploit code for CVE-2019-16098 - [Mouse Server](https://seg-fault.gitbook.io/researchs/windows-security-research/exploit-development/mouse-server.md): Technical analysis of Mouse Server exploit - [mskssrv.sys - CVE-2023–29360](https://seg-fault.gitbook.io/researchs/windows-security-research/exploit-development/mskssrv.sys-cve-2023-29360.md) - [Fuzzing](https://seg-fault.gitbook.io/researchs/windows-security-research/fuzzing.md) - [WTF](https://seg-fault.gitbook.io/researchs/windows-security-research/fuzzing/wtf.md): This page describes on how to use WTF for fuzzing and when its a bad idea to use WTF. - [Abusing Netlify Functions](https://seg-fault.gitbook.io/researchs/supply-chain-research/abusing-netlify-functions.md): This articles details a new technique on how threat actors can abuse Netlify functions to leak secrets configured in their Netlify pipelines. - [Reversing.kr](https://seg-fault.gitbook.io/researchs/reverse-engineering/reversing.kr.md) - [Easy\_CrackMe](https://seg-fault.gitbook.io/researchs/reverse-engineering/reversing.kr/easy_crackme.md) - [Easy KeyGen](https://seg-fault.gitbook.io/researchs/reverse-engineering/reversing.kr/easy-keygen.md) - [Github Actions - Cloud](https://seg-fault.gitbook.io/researchs/failed-research-attempts/github-actions-cloud.md): Successful research comprises of multiple failed research attempts. Here are some documented failures :) - [CloudTrail](https://seg-fault.gitbook.io/researchs/failed-research-attempts/cloudtrail.md): A successful research comprises of countless failures. These are some documented failures :) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://seg-fault.gitbook.io/researchs/about-me.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.