https://jjeuribe.github.io/Sharing what I learn in cybersecurity and software engineering along the way. 2026-05-26T13:00:06-06:00 Javier Uribe https://jjeuribe.github.io/ Jekyll © 2026 Javier Uribe /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-05-26T07:00:00-06:00 2026-05-26T07:00:00-06:00 https://jjeuribe.github.io/posts/oop-classes-the-clay-that-shapes-your-software/ Javier Uribe

I’ve always seen OOP (Object-Oriented Programming) as the closest thing developers have to playing God. You essentially create worlds from scratch, you’re constantly shaping a small version of reality inside your software: A banking system has accounts, transactions, and customers. A game has players, weapons, missions, and enemies. An e-commerce platform has carts, products, and orders. This i...

2026-04-28T07:00:00-06:00 2026-04-28T07:00:00-06:00 https://jjeuribe.github.io/posts/aws-pentesting-flaws-level-6-when-the-gateway-finally-falls/ Javier Uribe

In this final challenge, you’re given an AWS access key with limited (mostly read-only) permissions. No admin powers, no obvious misconfigurations, this time just pure old-school enumeration. Your job is to explore the account, follow the clues, and pay attention to the details. The more you dig, the more patterns will start to show up. Observation will be your most powerful weapon here. Alrig...

2026-04-28T06:00:00-06:00 2026-04-28T06:00:00-06:00 https://jjeuribe.github.io/posts/aws-pentesting-flaws-level-5-exploiting-aws-imds-via-ssrf/ Javier Uribe

In this level, you’ll deal with a proxy feature that’s letting an attacker to fetch external resources on behalf of one of your EC2 instances. This may not look dangerous at first, but under the hood it opens the door to a very well-known vulnerability. That said, let’s take a look at the challenge scenario: Scenario: This EC2 has a simple HTTP only proxy on it. Here are some examples of i...

2026-04-28T05:00:00-06:00 2026-04-28T05:00:00-06:00 https://jjeuribe.github.io/posts/aws-pentesting-flaws-level-4-when-ebs-snapshots-leak-secrets/ Javier Uribe

In this level, your objective is to gain access to a web application. A URL will be provided, and you must authenticate using a valid username and password. The challenge introduces you the following scenario: Scenario: For the next level, you need to get access to the web page running on an EC2 http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud. It’ll be useful to know that a sna...

2026-04-27T07:00:00-06:00 2026-04-27T07:00:00-06:00 https://jjeuribe.github.io/posts/aws-pentesting-flaws-level-3-from-public-bucket-to-aws-keys/ Javier Uribe

Continuing with our S3 bucket exposure journey, this challenge introduces the following scenario: Scenario: The next level is fairly similar, with a slight twist. Time to find your first AWS key! I bet you’ll find something that will let you list what other buckets are. Ok, the instructions are crystal clear: find an AWS key pair and use it to list the buckets accessible with those creden...