Cybersecurity, AI & Python Programming Blog

Cybersecurity blog featuring artificial intelligence projects, Python programming tutorials, CTF writeups, and security research by Mark LaCore.

Pokémon Sleep Roster Analyzer: In-Place Edits & New Pokémon

games

2026-06-07 09:58:44 3 min read

The Pokémon Sleep Roster Analyzer now edits Pokémon in place without scrolling, adds Latias and Noibat, and corrects a dish recipe verified against Serebii.

The Mythos Nerf: How Anthropic Caged the Agent to Save the World (And Killed My ...

technology

2026-06-05 00:27:31 5 min read

Is Claude getting dumber, or just terrified? A look at how Anthropic's pre-Mythos safety lockouts are turning advanced AI agents into highly polite paperweights - and wrecking cyber workflows.

CodeBreach Breakdown: You Saved the Day for AWS Pipelines

thanks

2026-06-02 00:07:37

This Wiz breakdown of the CodeBreach vulnerability offers essential guidance for securing AWS CodeBuild pipelines against critical supply chain risks.

Read more about it here: CodeBreach Breakdown: You Saved the Day for AWS Pipelines

Glass House CTF: 12 of 12, Bypassing an Unanchored CodeBuild Regex

2026-05-31 07:55:17 16 min read

Wiz Cloud Security Championship Challenge 12 'Glass House' solved: bypassed an unanchored CodeBuild ACTOR_ACCOUNT_ID regex by mass-creating 38,252 GitLab project access tokens until landing UID 61517531, then Poisoned Pipeline Execution via tests/run.sh to exfiltrate the SSM signing key. 12/12 complete.

Pokémon TCG Pocket: Paradox Drive Expansion Coming Soon

thanks

2026-05-27 14:58:00

I am looking forward to this! This evening? Paradox Pokémon drift into Pokémon TCG Pocket as part of this new expansion coming May 27, 2026.

Read more about it here: Pokémon TCG Pocket: Paradox Drive Expansion Coming Soon

Essential Intel: Decoding the Recent Windows 11 BitLocker Bypass

thanks

2026-05-25 05:49:25

This Ars Technica breakdown offers a great resource for understanding the new YellowKey exploit, which exposes critical security flaws in default Windows 11 BitLocker.

Essential Intel: Decoding the Recent Windows 11 BitLocker Bypass

Contain Me If You Can CTF: Container Escape via a Plaintext Postgres Connection

2026-05-24 12:00:00 14 min read

Wiz Cloud Security Championship #2 writeup: sniff a plaintext PostgreSQL credential with tcpdump, get superuser RCE via COPY FROM PROGRAM, abuse passwordless sudo, and mount the host block device to read /flag.

Synaptic Sync CTF: AES-GCM Nonce Reuse and the Forbidden Attack

2026-05-23 16:00:00 18 min read

LevelUpCTF Synaptic Sync writeup: a deterministic AES-GCM nonce derived from the Node ID leaks the GHASH authentication key via the Joux forbidden attack, enabling arbitrary tag forgery and a duplicate-JSON-key command override.

RouteGuard Structural Audit CTF: CBC Bit-Flipping for Privilege Escalation

2026-05-23 15:00:00 12 min read

LevelUpCTF RouteGuard Structural Audit writeup: AES-CBC session tokens with no MAC, escalate guest to admin via a 5-byte IV XOR flip, brute-force 3 blocks x 12 offsets to locate the role field.

Perimeter Leak CTF: Bypassing an AWS Data Perimeter with Pre-Signed URLs

2026-05-23 14:00:00 14 min read

Wiz Cloud Security Championship Challenge 01 writeup: chain Spring Boot Actuator exposure, a method/header-forwarding /proxy SSRF, IMDSv2 credential theft, and offline S3 pre-signed URLs to bypass a VPC-bound AWS data perimeter.

▲