Latest from the Blog

Playing with Fire – How We Executed a Critical Supply Chain Attack on PyTorch

Security tends to lag behind adoption, and AI/ML is no exception. Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platforms. Used by titans like Google, Meta, Boeing, and Lockheed Martin, PyTorch is a major target for hackers and nation-states alike. Thankfully, we exploited…

Worse than SolarWinds: Three Steps to Hack Blockchains, GitHub, and ML through GitHub Actions

Six months ago, my friend and colleague Adnan Khan started researching a new class of CI/CD attacks. Adnan grasped the significance of these attacks after executing them against GitHub to gain total control of the GitHub Actions runner images. GitHub’s bug bounty program scored this vulnerability as “Critical” and paid a $20,000 reward. Following this…

Lessons from Solo Travelling

Simon realized he could see his shadow on the ocean floor. It took me a minute, but looking down from my board, I realized I could too – through eighteen feet of turbulent ocean water. So could Amara sitting next to us. We were the only people on this break, two hundred meters offshore from…