Zion Boggan

An autonomous vulnerability-research platform: a 7-agent decision graph that maps a target, hypothesizes bugs, drafts exploits, and only reports findings a deterministic validator could reproduce.

An autonomous vulnerability-research engine: reproduced findings across 20+ open-source targets using a strict reproduce-before-report discipline. ASan crashes, live SQL rows, and executed command chains are the only valid proof.

A self-contained malware-analysis lab: static-triage pipeline, ransomware detonation in a sealed VM, live memory forensics, and AES key recovery from a 4.13 GB ransomware memory dump.

Feeds identical tokens into 5 JWT libraries at once and flags any disagreement. A verifier split is an auth-bypass primitive.

Public writeups and methodology notes from independent vulnerability research on HackerOne and Bugcrowd, organized by target class, with reproducible PoCs and disclosure timelines.

Pulls live threat-intel from five feeds, deduplicates across sources, maps to ATT&CK, generates Wazuh detection rules, and holds every rule behind a human approval gate before anything reaches the SIEM.

Ten ATT&CK-mapped Sigma rules that compile cleanly to Splunk SPL, Elastic ES|QL, and Microsoft Sentinel KQL. Linted and tested in CI, behaviourally validated by Atomic Red Team before promotion.

Wazuh detection, Shuffle SOAR, and TheHive case management wired into one pipeline. An alert fires, the indicator gets enriched, a case opens, and the analyst channel gets pinged, all before anyone clicks anything.

Atomic Red Team adversary emulation against an instrumented Ubuntu endpoint: six ATT&CK techniques executed, six detections confirmed in Wazuh. The validation half of the detection-as-code pipeline.

A GitHub Actions pipeline that gates every push on four parallel security checks (Semgrep SAST, gitleaks secret scan, pip-audit dependency audit, and ruff with security rules) before code is allowed to merge.

Keyless Cosign signing with GitHub OIDC identity, SPDX SBOM attestation, and a Kyverno admission policy that refuses any unsigned or unattested image at the cluster boundary.

A 20-agent AI orchestration platform that routes natural language commands to specialized workers across a self-hosted Proxmox homelab, with per-request cost tracking and a three-tier SSH safety model.

HMAC-signed, filesystem-mediated job dispatch so two agent sessions on different hosts can hand work to each other. No broker, no open ports, no shared terminals.

Two shell scripts (a GPU mutex and a CPU/RAM counting semaphore) that let multiple independent processes share one GPU and a bounded CPU budget using nothing but flock.

Autonomous Kalshi weather-market trading bot: 31-member NWS ensemble forecasts into Gaussian bracket probabilities, Kelly sizing, a Claude Sonnet veto gate, and a Discord command interface.

Honest post-mortem of a Kalshi weather-market bot that lost $160 in 138 trades. Includes the actual dataset, a walk-forward eval harness, and the three cascading misdiagnoses that preceded the right answer.

Real-time CV aim-assist for offline MLB The Show 26: a YOLO-trained ball detector plus classical PCI tracker that predicts where each pitch will cross the plate and nudges the controller via a Titan Two adapter.

A social idle formation auto-battler for Roblox: 33 original pixel-art champions, a server-wide world boss, shared co-op runs, and a headless build pipeline that shipped to v181.

Full e-commerce and coaching platform for a fitness brand: merch store, session booking with calendar, workout challenge system, and Stripe checkout. Built in React/TypeScript on Supabase.

A private iOS matcha journal and Portland cafe map with quick-add logging, shareable Matcha Cards, monthly Bloom recaps, and 25 pre-seeded PDX cafe pins. Built in Flutter.

A single Python script that wraps any WireGuard .conf file into an iOS .mobileconfig profile with IncludeAllNetworks and OnDemand auto-connect. These are the two kill-switch settings the WireGuard iOS app's UI does not expose.

The add path validates all input through a dedicated function that rejects shell metacharacters. The delete path skips it entirely, passing raw user input into an nsupdate heredoc.

httptest.cgi blocks 127.0.0.1 and ::1 but treats [::ffff:127.0.0.x] as a routable address, bypassing loopback validation and reaching privileged internal Apache VirtualHosts.

Two WebSocket-to-RTSP proxy endpoints, functionally identical, sit side by side in Apache config. One has a Require directive. The ONVIF variant does not.

tcptest.cgi calls the validateaddr binary before pinging anything. pingtest.cgi, accessible to viewer-level users, passes the ip parameter straight to busybox ping with no validation.

The YAML access control definition grants viewer-level users GET access to SNMP community strings, while correctly restricting SET to admin only. Community strings are the sole authentication mechanism for SNMP v1/v2c.

Any authenticated ClickHouse user, including SELECT-only accounts, can crash the entire managed instance in one HTTP request by passing two deeply nested JSON documents to JSONMergePatch, which recurses without a depth limit.

A single RESTORE command with a crafted stream payload causes unbounded vector allocation in Dragonfly's RDB deserialization path, throwing std::bad_alloc and terminating the entire server process.

Sending Amount=0 in a GetBlockHeaders p2p message triggers a uint64 underflow to UINT64_MAX. The resulting allocation scales with chain height -- on Electroneum mainnet, a single connection is sufficient to OOM-kill the node.

roundChangeSet.Add() trusts a single message's HasBadProposal flag to skip the digest check. isJustified() requires a quorum. One Byzantine validator can exploit this inconsistency to poison the prepared-block cache and stall consensus indefinitely.

The Aiven login endpoint returns distinct error messages and 10-35x response time differences for registered versus unregistered email addresses, enabling reliable unauthenticated account enumeration.

An authenticated Kafka producer can crash the Karapace REST Proxy by writing a GZIP compression bomb to a topic, because librdkafka's GZIP codec has no decompression size limit while its ZSTD codec does.

The invite and uninvite endpoints for shared channels enforce a system-level permission but skip the channel-level membership check. A user with manage_shared_channels can exfiltrate any private channel to a remote cluster they control.

The avnadmin user on Aiven managed MySQL has unrestricted SELECT on mysql.user, exposing caching_sha2_password hashes for the internal root, replication, and monitoring accounts.

A close read of the signature-verification bypass in OpenPGP.js v6: how a packet-list mutation during streaming verification allowed result.data to diverge from the verified content.

Any avnadmin user can execute code in the PostgreSQL superuser context by chaining a gatekeeper bypass with expression index evaluation in the autovacuum background worker.

Aiven's PostgreSQL security agent blocks shadow functions with identical signatures but misses those with different, implicitly castable argument types, defeating its own pghostile-class protection.

After fixing CVE-2025-31480 by schema-qualifying function calls across aiven_extras, one unqualified parse_ident call was missed in a SECURITY DEFINER body, leaving the same vulnerability class present.

A SECURITY DEFINER function in aiven_extras opens a superuser database connection to localhost using trust authentication, reachable by any avnadmin user and from within logical replication apply worker triggers.

The aiven_extras SECURITY DEFINER subscription creation function assigns ownership to the postgres superuser rather than the calling user, causing apply worker triggers to run with session_user=postgres.

Any authenticated Aiven user can enumerate the platform's customer list by checking whether a project name returns 403 (exists, not a member) or 404 (does not exist), since project names frequently match company names.

The Aiven SQL query optimizer accepts queries without authentication and stores them so any authenticated user can retrieve another user's SQL by optimization ID, leaking table structures, column names, and business logic.

How inconsistent URL-validation coverage across four outbound-HTTP code paths produced two independent SSRF vectors in the same platform.

Any authenticated Valkey user can read 12+ C function pointer addresses from the server process by calling tostring() on Lua function objects, defeating ASLR for the valkey-server process.

Any authenticated Valkey user can suppress replication of arbitrary write commands via Lua, silently diverging master and replica state, and can register persistent trojan functions that continue corrupting data after the attacker disconnects.