nerdymark's Software Engineering & Cybersecurity Blog

technology

2024-09-18 08:20:00

a showcase of projects, musings, and experiments in tech and security.

Happy Birthday S3 CTF Challenge Writeup

ctf

2026-04-14 12:00:00 18 min read

Multi-service AWS exploitation chain: account ID enumeration via s3recon, SNS StringLike policy bypass, and os.path.join path traversal to read the flag from a private S3 bucket.

X/Twitter API is Now Pay-to-Play - Why I Disabled Cross-Posting

technology

2026-03-23 17:53:21 5 min read

Attempted to implement automated cross-posting to X/Twitter and hit a wall of 403s, ghost projects, and a 402 paywall. Here's what happened.

Hardle Solver - Bulls and Cows Word Puzzle Helper

gaming

2026-03-16 18:24:17 2 min read

Built a Hardle solver companion tool for the Bulls and Cows style word puzzle. Enter guesses, set correct and misplaced counts, and narrow down candidates from 12,000+ words.

Wordle Solver - Interactive Puzzle Helper

technology

2026-03-01 18:01:40 1 min read

New interactive Wordle solver that helps you crack the daily puzzle with live word suggestions, color-coded tile input, and smart filtering.

New Browser Games: Flappy Nerd and Gorillas Now Have Dedicated Pages

gaming

2026-03-01 17:34:45 1 min read

Two classic browser games — Flappy Nerd (cyberpunk arcade) and Gorillas (QBasic artillery classic) — now have their own dedicated pages with fullscreen mode, controls reference, and background info.

Trust Issues CTF: Supply Chain Attack on a GitHub Actions Runner

ctf

2026-02-25 12:00:00 15 min read

Trust Issues CTF writeup: incident response tracing a trojanized pytest package exfiltrating secrets from a GitHub Actions self-hosted runner via Fernet-encrypted dead drops.

Migrating from JSON Files to DynamoDB with boto3

technology

2026-02-23 03:57:44 3 min read

How I moved my Flask blog from flat JSON files to AWS DynamoDB for durable storage, and migrated hardcoded secrets to environment variables.

Wiz Cloud Security Championship - Cracked the Top 30

ctf

2026-02-14 12:00:00

Climbed from page 5 to #30 on the Wiz Cloud Security Championship leaderboard with 8 of 12 challenges solved and 137 points. Up from 3 challenges in September.

Wiz Cloud Security Championship - Cracked the Top 30

Confession Booth CTF: Race Condition Privilege Escalation

ctf

2026-01-28 12:00:00 15 min read

Confession Booth CTF writeup: race condition exploit between user registration and permission assignment.