romanticist.info

Lateral Movement via GCPW

How a privileged service account silently created by GCPW becomes a lateral movement vector when VMs get cloned without rotating credentials.

The HTTP spec from an attacker's lens. Where the ambiguity lives, how parsers disagree, and why that gap is always exploitable.