Nelson | Security Researcher

Security researcher | Linux & cloud enthusiast | Open-source advocate | Sharing tips and scripts for sysadmins, pentesters, SecOps & cybersecurity community.
👉 Projects & tools: github.com/privlabs
#infosec #linux #opensource #cybersecurity

Nelson | Security Researcher privlabs@techhub.social
2025-12-15

@SymfonyStation Thanks for sharing 🙏

The goal here isn’t to publish a CVE or a scanner, but to make early trust boundaries visible — update channels, signing assumptions, and supply-chain dependencies — so teams can reason about them calmly before things break.

Happy to discuss or get feedback from the Drupal community.

Nelson | Security Researcher privlabs@techhub.social
2025-12-15

Short silent demo of PrivLabs — an offline supply-chain pre-audit assessment platform.

The goal is not scanning or exploitation, but answering an early question:

“Where should we focus our security effort before things break?”

Live demo (offline, non-destructive):
privlabs-security-toolkit.stre

Project overview:
privlabs.github.io/supplychain

Feedback welcome, especially from Blue Teams, security engineers, and DevSecOps.

#cybersecurity #supplychain #infosec #devsecops #drupal

Nelson | Security Researcher privlabs@techhub.social
2025-12-11

🚨 Supply Chain Attack Simulation on Drupal (PoC, not a CVE)

What if a malicious actor hijacked the update server for your favorite CMS?
I built a full lab scenario to demonstrate how it could happen — and how to defend against it.

🔬 Techniques covered:

MITM + rogue CA, fake update feeds, trojanized package → RCE & persistence.
Full doc + PDF PoC.

Full documentation: attack steps, scripts (in PDF), hardening tips

⚠️ Not a Drupal 0-day — this is a controlled, educational simulation for awareness and training.

💡 Why it matters

Supply chain attacks are no longer theoretical.
This demo helps Blue Teams, Red Teams, developers, and trainers strengthen detection, review processes, and update security.

👉 Repo:
github.com/privlabs/-Supply-Ch

Questions or feedback?
DM me or email me (contact in README).

All in lab, all safe

#cybersecurity #infosec #securityresearch #offensivesecurity #blueteam
#redteam #supplychainsecurity #drupal #websecurity #devsecops
#softwaresecurity #rce #mitm

Screenshot showing Drupal’s ‘Available updates’ page displaying a security update, alongside a Linux terminal window where a payload has executed in a controlled supply chain attack simulation. The image illustrates a lab scenario involving a rogue update server and a tampered package, as documented in the GitHub project.

Nelson | Security Researcher privlabs@techhub.social
2025-12-05

🔥 Open-source project: Automated audit & hardening of Linux cron jobs (LPE detection & scripts)

After several months of research and lab testing, I’m releasing a complete guide + scripts to detect and fix privilege escalation via misconfigured cron jobs on Linux (automated audit, exploitation examples, hardening tips, etc.).

💡 Example: root shell on a cloud VM through a simple cron misconfiguration (see screenshot).

For sysadmins, SecOps, pentesters, or anyone passionate about Linux security.

👉 GitHub repo: github.com/privlabs/lpe-cron-m

Feel free to test, comment, or contribute! Would love your feedback or stories of similar issues you’ve found.

#linux #infosec #sysadmin #opensource #cybersecurity #privilegeescalation

Screenshot showing a Linux root shell gained on a cloud VM via cron job misconfiguration, with AWS EC2 dashboard details blurred for security.
