https://disgracefuldev.com Offensive security, red teaming, devsecops, and development. en-us https://disgracefuldev.com/blog/jumblejuice-payload-encoder.html I built a shellcode encoder that outputs ready-to-paste code snippets in C, C#, Go, Python, Rust, and Nim. Six encoding schemes, zero dependencies. Here's how it works and why I needed it. Fri, 20 Mar 2026 00:00:00 GMT https://disgracefuldev.com/blog/jumblejuice-payload-encoder.html tools https://disgracefuldev.com/blog/bypassing-edr-syscall-proxying.html EDR products hook ntdll.dll to watch your syscalls. Syscall proxying lets you slip past those hooks by borrowing clean stubs from modules the EDR didn't bother to patch. Sun, 15 Mar 2026 00:00:00 GMT https://disgracefuldev.com/blog/bypassing-edr-syscall-proxying.html red-team https://disgracefuldev.com/blog/cicd-attack-surface-mapping.html Every CI/CD pipeline is an attack surface. From GitHub Actions to Jenkins, this post maps the common attack vectors and shows how to find them in your own infrastructure. Tue, 10 Mar 2026 00:00:00 GMT https://disgracefuldev.com/blog/cicd-attack-surface-mapping.html devsecops https://disgracefuldev.com/blog/wsus-rce-cve-2025-59287.html A CVSS 9.8 deserialization flaw in WSUS lets an unauthenticated attacker pop a SYSTEM shell on any unpatched WSUS server. No credentials required, just network access to port 8530. Mon, 10 Nov 2025 00:00:00 GMT https://disgracefuldev.com/blog/wsus-rce-cve-2025-59287.html red-team