Nelson | Security Researcher

@privlabs@techhub.social
Security researcher | Linux & cloud enthusiast | Open-source advocate | Sharing tips and scripts for sysadmins, pentesters, SecOps & cybersecurity community.
👉 Projects & tools: https://github.com/privlabs
#infosec #linux #opensource #cybersecurity

@SymfonyStation Thanks for sharing 🙏

The goal here isn’t to publish a CVE or a scanner, but to make early trust boundaries visible — update channels, signing assumptions, and supply-chain dependencies — so teams can reason about them calmly before things break.

Happy to discuss or get feedback from the Drupal community.

Short silent demo of PrivLabs — an offline supply-chain pre-audit assessment platform.

The goal is not scanning or exploitation, but answering an early question:

“Where should we focus our security effort before things break?”

Live demo (offline, non-destructive):
https://privlabs-security-toolkit.streamlit.app/

Project overview:
https://privlabs.github.io/supplychain-security-toolkit/

Feedback welcome, especially from Blue Teams, security engineers, and DevSecOps.

#cybersecurity #supplychain #infosec #devsecops #drupal

🚨 Supply Chain Attack Simulation on Drupal (PoC, not a CVE)

What if a malicious actor hijacked the update server for your favorite CMS?
I built a full lab scenario to demonstrate how it could happen — and how to defend against it.

🔬 Techniques covered:

MITM + rogue CA, fake update feeds, trojanized package → RCE & persistence.
Full doc + PDF PoC.

Full documentation: attack steps, scripts (in PDF), hardening tips

⚠️ Not a Drupal 0-day — this is a controlled, educational simulation for awareness and training.

💡 Why it matters

Supply chain attacks are no longer theoretical.
This demo helps Blue Teams, Red Teams, developers, and trainers strengthen detection, review processes, and update security.

👉 Repo:
https://github.com/privlabs/-Supply-Chain-Attack-Simulation-on-Drupal-RCE-via-Malicious-Update-Server-PoC-not-a-CVE-

Questions or feedback?
DM me or email me (contact in README).

All in lab, all safe

#cybersecurity #infosec #securityresearch #offensivesecurity #blueteam
#redteam #supplychainsecurity #drupal #websecurity #devsecops
#softwaresecurity #rce #mitm

🔥 Open-source project: Automated audit & hardening of Linux cron jobs (LPE detection & scripts)

After several months of research and lab testing, I’m releasing a complete guide + scripts to detect and fix privilege escalation via misconfigured cron jobs on Linux (automated audit, exploitation examples, hardening tips, etc.).

💡 Example: root shell on a cloud VM through a simple cron misconfiguration (see screenshot).

For sysadmins, SecOps, pentesters, or anyone passionate about Linux security.

👉 GitHub repo: https://github.com/privlabs/lpe-cron-misconfig-2025

Feel free to test, comment, or contribute! Would love your feedback or stories of similar issues you’ve found.

#linux #infosec #sysadmin #opensource #cybersecurity #privilegeescalation