Initial Access Intelligence

CVE-2026-35616 - FortiClient EMS Pre-Authentication API Bypass (CVSS 9.1, CISA KEV). Python & Nmap NSE detection scripts with full technical breakdown. One forged HTTP header bypasses authentication on FortiClient EMS 7.4.5–7.4.6, granting full admin API access to all managed endpoints.

authentication-bypass cybersecurity forticlient fortinet nmap-scripts nse-scripts vulnerability-detection vulnerability-research cve-2026-35616 forticlient-ems

Python Lua

None

None

Dockerfile HTML CSS Shell Python

DevSecOps CI/CD pipeline with GitHub Actions, CodeQL, Trivy, & Gitleaks

Dockerfile Python HCL

Penetration testing lab on Metasploitable 2 — performed network scanning, service enumeration, vulnerability identification, and exploitation using Nmap and Metasploit Framework to gain root access. Includes findings and remediation recommendations.

CVE-2026-39987 - Marimo < 0.23.0 Pre-Auth RCE (WebSocket) PoC de explotación - Conecta a /terminal/ws sin autenticación Author: Fevar54 Date: 2026-04-13 Severity: CRITICAL CVSS: 9.3

Python

Security team discovered vulnerabilities in production containers. The CTO instructed — "Before any Docker image goes to production, it must be scanned for vulnerabilities. Automate security scanning inside CI/CD pipeline."

Dockerfile JavaScript

Malware 2025 analysis "Brickstorm"

YARA

A full-chain security audit demonstrating how everyday vulnerabilities like forgotten WordPress plugin updates, hardcoded plaintext secrets, and password reuse can escalate into a complete root server compromise.

cybersecurity ethical-hacking pentesting web-security wp-hacking wp-plugin

Python PHP

None

Python Batchfile