Personal security research notebook.https://romanticist.info/https://romanticist.info/posts/http-for-hacking/https://romanticist.info/posts/http-for-hacking/The HTTP spec from an attacker's lens. Where the ambiguity lives, how parsers disagree, and why that gap is always exploitable.Sat, 01 Feb 2025 00:00:00 GMThttpwebfundamentalshttps://romanticist.info/posts/gcpw-lateral-movement/https://romanticist.info/posts/gcpw-lateral-movement/How a cloned VM image turns into a free pass across an entire GCP environment. No fancy exploit, just a credential that nobody rotated.Wed, 15 Jan 2025 00:00:00 GMTgcpwgcplateral-movementwindowslsa