
Winston Ighodaro
@Officialwhyte22
Ethical Hacker, Forensic Investigator, Malware Engineer. Security+, Network+, Pentest+, and CNVP. Python, Bash, PowerShell, JavaScript, HTML and C#. I am root.
Root
Joined June 2022
My story, My mission. Hello cyber enthusiasts, Get ready for an exciting story, ayyy!! My name is Winston Ighodaro. I'm a Pentester/Ethical Hacker, Blogger, Christian and a Nigerian. This story is going to be fun, so grab your coffee and keep reading! I got my first break in
I scanned a server and found Jenkins running on port 8080 with the Jetty engine. After a successful login using weak credentials, I accessed the script console and ran arbitrary code. This misconfiguration gave me full control over the CI/CD pipeline.
I found an open-source project with insecure GitHub Actions workflows triggered by pull requests. I forked the repo, committed a malicious workflow that downloads a reverse shell payload from my server.
I compromised a container that had the Docker socket mounted (/var/run/docker.sock) and used it to mount the host file system. After escaping, I stole EC2 instance credentials from /root/.aws/credentials, dumped metadata, and exfiltrated a ZIP of secrets using nc. This attack
I analyzed a malicious Chrome extension that impersonated a productivity tool but silently extracted browser cookies and localStorage tokens. It targeted a finance dashboard, stealing session data and uploading it via Fetch to a remote server. The code masked activity under a
Today’s session focused on reviewing a capture where 203.0.113.4 communicated heavily with 198.51.100.23, raising flags around repeated lookups to https://t.co/gBuuxa6r2h. The analyzer highlighted a suspicious TLS handshake pointing to https://t.co/iy6AEFshxY, suggesting possible
I scanned a Jenkins endpoint hosted at 135.181.217.213, discovered a script console exposed on port 8080, and injected code to dump environment variables. From the logs, I exfiltrated Git credentials and triggered a private pipeline to dump artifacts from a staging server
I compromised a misconfigured Jenkins instance and injected a malicious .sh script into the build pipeline. The shell script triggered on every push and uploaded .env secrets to an attacker-controlled server. Netstat confirmed active C2 comms to a Romanian VPS over port 8080.
A fake invoice lured the victim into executing a VBScript that launched a Python payload via wscript.exe. The payload captured webcam and screen frames, stored them locally in C:\ProgramData, and uploaded the data via HTTP POST to an attacker-controlled server hosted in Germany.
I investigated a compromised CI/CD pipeline where a rogue GitHub Actions workflow pulled and deployed a malicious Go binary from an attacker’s server. The compiled malware mimicked a legitimate service and tunneled data via HTTP POST requests to a C2 domain.
The system was infected by fileless malware leveraging wmic and reflective DLL injection. Malicious PowerShell ran entirely in memory, leaving no disk artifacts. Analysis of memory dumps revealed a hidden backdoor. Volatility confirmed injected threads and encoded PowerShell code