Writeups

Written by
Arbaaz Jamadar
Cloud Security Engineer | OSCP | AWS Security Specialty | CySA+ | Threat Detection & Incident Response
Summary

40+ technical writeups with a heavy focus on cloud security research, original CVE documentation, and real-world cloud misconfiguration exploitation across AWS, Azure, and Kubernetes.

AWS & Cloud Misconfiguration Research - deep-dive walkthroughs of the flAWS and flAWS2 challenge series: S3 bucket enumeration and unauthenticated data access, IAM privilege escalation chains, public EC2 snapshot exploitation to extract credentials, Lambda environment variable leakage, and cross-account role abuse. IMDSv2 SSRF exploitation via Spring Boot Actuator, demonstrating how internal metadata service access bypasses perimeter controls and exposes IAM role credentials. Each walkthrough maps the vulnerability to its AWS Well-Architected Framework control failure and documents the remediation.

CVE Research & Vulnerability Analysis - original analysis of 10+ documented CVEs spanning cloud-native and enterprise platforms: CVE-2025-9074 (Docker Desktop REST API unauthenticated container escape on Windows and macOS), CVE-2023-43208 and CVE-2023-37679 (Mirth Connect pre-auth RCE chain), CVE-2022-3294 (Kubernetes nodes/proxy privilege escalation enabling lateral movement across the cluster), CVE-2025-6018 and CVE-2025-6019 (Pterodactyl PHP PearCMD RCE with race-condition privilege escalation), and CVE-2025-59528, CVE-2025-58434, CVE-2025-64111 (nginx auth bypass and container privilege abuse chain). Each writeup includes root cause analysis, proof-of-concept reproduction steps, and defence recommendations.

Wiz Cloud Security Championship - Top 18 Worldwide (600+ Participants) - 9 cloud security challenge writeups from a podium-level finish: container escape via PostgreSQL superuser RCE and Linux core_pattern manipulation, Kubernetes lateral movement through service account token abuse and CVE-2022-3294 nodes/proxy exploitation, Terraform state file race condition granting unintended privileged access, Azure Graph API OAuth client-credential abuse with Entra ID dynamic group privilege escalation, S3 bucket loose-policy bypass for SNS-topic-based data exfiltration, SSRF via Spring Boot Actuator exposing IMDSv2 credentials behind a reverse proxy, and AI-assisted supply chain vulnerability research exploiting vibe-coded application weaknesses.

HackTheBox Machines - 14 writeups covering Active Directory attacks (RODC KeyList abuse, gMSA exploitation, NTLM relay, constrained delegation, SPN jacking), web vulnerabilities (SSRF, SQLi, mass assignment, LFI-to-RCE), binary exploitation (buffer overflow, format string, tarslip), and the CVE-documented RCEs listed above.

Exam Preparation - structured guides for OSCP (first attempt, 100/100), AWS SAA-C03, and CompTIA Security+, plus eJPTv2 penetration testing cheat sheets and API security certification notes.

HTB: HackTheBox Season 10
Seasonal HackTheBox machines.
Wiz: The Ultimate Cloud Security Championship
My approach to solving and detecting real-world cloud challenges and misconfigurations.
HackTheBox: AirTouch
Escaping VLAN using Aircrack-ng-suite and EAPHammer.
HackTheBox: Browsed
Exploiting SSRF and an arithmetic expansion vulnerability in Bash for initial access. Privilege escalation using malicious compiled Python bytecode that bypasses the invalidation conditions.
HackTheBox: Overwatch
NTLM relay attack via MSSQL link
How I passed my OSCP on my first attempt with 3 months prep
I am describing how I was able to prepare for OSCP within 3 months, how my attempt went, and how I was able to achieve 100/100 points on my first attempt.
Hacksmarter: Welcome (Easy)
Enumerating and exploiting misconfigurations in Active Directory to compromise the whole domain, giving you access to every account.
CVE-2025-9074: Container escape on Windows and MacOS
CVE-2025-9074: A simple privilege escalation vector in Docker environment for Windows and MacOS. Abuse Docker REST API over localhost:2735
How I Passed the AWS Solutions Architect Associate (SAA-C03) Certification
Learn how I passed the AWS Solutions Architect Associate (SAA-C03) exam in 3 weeks with study resources, tips, and practice strategies.
RustDesk - Self-Hosted Remote Desktop Made Easy
Step-by-step guide to self-hosting RustDesk, the free and open-source remote desktop software. Learn to set up your own relay server on AWS with Docker for secure, cross-platform remote access.
eJPTv2 Exam Cheat Sheet
Complete eJPTv2 penetration testing exam cheat sheet with commands, methodologies, and practical tips for success.
flAWS2 – Exploiting Public EC2 Snapshots (Task 4 Walkthrough)
Step-by-step guide on exploiting misconfigured public EC2 snapshots in AWS to retrieve sensitive credentials and gain access to target services.
flAWS Walkthrough – AWS S3, IAM, EC2, and Lambda Exploitation
Step-by-step flAWS.cloud walkthrough covering AWS misconfigurations, S3 bucket leaks, EC2 snapshot attacks, IAM exploitation, and Lambda privilege escalation.
I passed CompTIA Security+ (SY-601) Exam!
How I passed the CompTIA Security+ (SY-601) Exam!
API Security Architect
A self-paced certification.