nerdymark's Software Engineering & Cybersecurity Blog

technology

2024-09-18 08:20:00

Welcome to my digital homestead - a curated collection of projects, writeups, and experiments in Python, cybersecurity, and creative coding.

Here you'll find CTF writeups covering Azure OAuth privilege escalation, AWS S3 multi-service exploitation, Kubernetes SSRF attack chains, Terraform state poisoning, Go malware reverse engineering, and supply-chain compromises on GitHub Actions runners. You'll also find side projects like the Pokemon Sleep Roster Analyzer, an RDP/VNC network scanner, a LinkedIn feed analyzer powered by Gemini, and word-puzzle solvers for Wordle and Hardle. Plus notes on building this Flask site, migrating to AWS, Bluesky cross-posting, and running a personal AI robot out of my garage.

I'm Mark LaCore - Software Engineer by day, Raspberry Pi tinkerer by night. 25 years of turning caffeine into code, 20+ years of playing guitar, and a growing collection of CTF trophies. Explore the posts below, browse the CTF writeups, or drop me a line.

README: drop App Store paragraph, add lang to fenced code block Co-Authored-By:...

github

2026-04-26 17:54:29

File: README.md
 open "$HOME/Library/Developer/Xcode/DerivedData/NerdymarkScreenSaver/dist/Nerdym
 ## Project layout
-```
+```text
 screensavers/
 ├── project.yml                              xcodegen spec → generates .xcodeproj
 ├── build.sh                                 sign / notarize / DMG pipeline
 screensavers/
 ## Distribution
-Distributed as a notarized DMG from <https://nerdymark.com/screensavers>. Not on the Mac App Store (Apple employees' personal projects ship from their own sites by policy).
+Distributed as a notarized DMG from <https://nerdymark.com/screensavers>.
 ## License

Mac Screensaver: 52 Generative Scenes, Native Swift, Free

technology

2026-04-25 18:09:10 4 min read

Free notarized macOS screensaver bundling 52 generative scenes — plasmas, cellular automata, agent simulations, demoscene effects, and auto-playing classic games. Pure Swift + Core Graphics.

RDP Lottery - Network Scanner with Casino-Themed UI

technology

2026-04-18 18:56:49 3 min read

A local network scanner with a casino-themed web UI — discovers RDP and VNC servers, checks auth, and captures screenshots of unauthenticated desktops.

LinkedInalyzer - AI-Powered LinkedIn Feed Cleanup Tool

technology

2026-04-18 18:56:49 3 min read

Analyze your LinkedIn feed for political content and AI slop with Gemini, then decide who to unfollow or disconnect through a dashboard.

Pokemon Sleep Roster Analyzer - New Moon Day Support for Darkrai

gaming

2026-04-16 19:37:04 2 min read

Added a New Moon Day toggle to the Pokemon Sleep Roster Analyzer - guarantee Darkrai on every suggested team during the monthly event.

Happy Birthday S3 CTF Challenge Writeup

ctf

2026-04-14 12:00:00 18 min read

Multi-service AWS exploitation chain: account ID enumeration via s3recon, SNS StringLike policy bypass, and os.path.join path traversal to read the flag from a private S3 bucket.

X/Twitter API is Now Pay-to-Play - Why I Disabled Cross-Posting

technology

2026-03-23 17:53:21 5 min read

Attempted to implement automated cross-posting to X/Twitter and hit a wall of 403s, ghost projects, and a 402 paywall. Here's what happened.

Hardle Solver - Bulls and Cows Word Puzzle Helper

gaming

2026-03-16 18:24:17 2 min read

Built a Hardle solver companion tool for the Bulls and Cows style word puzzle. Enter guesses, set correct and misplaced counts, and narrow down candidates from 12,000+ words.

Wordle Solver - Interactive Puzzle Helper

technology

2026-03-01 18:01:40 1 min read

New interactive Wordle solver that helps you crack the daily puzzle with live word suggestions, color-coded tile input, and smart filtering.