| | @@ -56,6 +56,21 @@ |
| | .meta{margin-top:26px;display:flex;flex-wrap:wrap;gap:8px 22px;font-size:13px;color:var(--muted);} |
| | .meta .mono{color:var(--faint);} |
| | |
| + | /* proof / live-exploit demo */ |
| + | .proof{padding-top:48px;} |
| + | .demo{border:1px solid var(--line2);border-radius:12px;overflow:hidden;background:#0a0c10; |
| + | box-shadow:0 0 0 1px rgba(108,199,184,.08), 0 26px 64px -28px rgba(0,0,0,.75);} |
| + | .demobar{display:flex;align-items:center;gap:8px;padding:11px 14px;background:#11151b;border-bottom:1px solid var(--line);} |
| + | .demobar .d{width:11px;height:11px;border-radius:50%;} |
| + | .demobar .r{background:#ff5f57;}.demobar .y{background:#febc2e;}.demobar .g{background:#28c840;} |
| + | .demobar .dlabel{color:var(--faint);font-size:12.5px;margin-left:8px;} |
| + | .demobar .dbadge{margin-left:auto;color:#06231f;background:var(--accent);font-size:11px;font-weight:700; |
| + | padding:3px 9px;border-radius:5px;letter-spacing:.5px;} |
| + | .demovid{display:block;width:100%;height:auto;background:#0a0c10;cursor:pointer;} |
| + | .democap{margin:0;padding:15px 18px;color:var(--soft);font-size:14px;line-height:1.55; |
| + | background:var(--panel);border-top:1px solid var(--line);} |
| + | .democap b{color:var(--ink);font-weight:600;} |
| + | |
| | /* sections */ |
| | section{padding:64px 0;border-bottom:1px solid var(--line);} |
| | .shead{display:flex;align-items:baseline;gap:14px;margin-bottom:30px;} |
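Review bot: the new .demo, .demobar and .demovid rules hard-code their backgrounds (#0a0c10 twice, #11151b once) while the neighbouring declarations in the same block use the theme tokens var(--line), var(--line2) and var(--panel). Consider defining one custom property for the demo background and referencing it in both .demo and .demovid, so a later palette change does not leave the video frame a different shade from the rest of the page. The traffic-light dot colours are fine as literals since they are decorative and fixed.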
| | @@ -178,7 +193,8 @@ |
| | cryptographic and database internals, and <b>Oversight Protocol</b>, a post-quantum |
| | data-provenance system I maintain in Rust. Almost all of it runs on my own homelab.</p> |
| | <div class="cta"> |
| - | <a class="btn primary" href="#oversight">See the work</a> |
| + | <a class="btn primary" href="#proof">▶ Watch a live break-in</a> |
| + | <a class="btn" href="#oversight">See the work</a> |
| | <a class="btn" href="https://github.com/zionboggan">GitHub</a> |
| | <a class="btn" href="https://www.linkedin.com/in/zion-boggan">LinkedIn</a> |
| | <a class="btn" href="https://oversightprotocol.dev/">oversightprotocol.dev</a> |
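Review bot: the label on the new primary button, "Watch a live break-in", does not match what the link target delivers, since the caption added for the #proof section says the clip is "Recorded end to end". Suggest wording such as "Watch the recorded exploit demo" so the call to action does not overstate it. The leading "▶" glyph is also part of the link's accessible name; wrapping it in a span with aria-hidden="true" keeps screen readers from announcing it.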
| | @@ -189,6 +205,26 @@ |
| | </div> |
| | </div></header> |
| | |
| + | <section id="proof" class="proof"><div class="wrap"> |
| + | <div class="shead"><span class="idx mono">00</span><h2>See it in action</h2><span class="rule"></span></div> |
| + | <div class="demo"> |
| + | <div class="demobar"> |
| + | <span class="d r"></span><span class="d y"></span><span class="d g"></span> |
| + | <span class="dlabel mono">live-exploit - controlled lab</span> |
| + | <span class="dbadge mono">REAL PoC</span> |
| + | </div> |
| + | <video class="demovid" autoplay muted loop playsinline preload="auto" |
| + | poster="/assets/hero/exploit-demo-poster.jpg" |
| + | onclick="if(this.requestFullscreen)this.requestFullscreen()"> |
| + | <source src="/assets/hero/exploit-demo.mp4" type="video/mp4"> |
| + | </video> |
| + | <p class="democap">A real SQL-injection chain against a web application I host in a lab I |
| + | control (OWASP Juice Shop): <b>bypass the login with no password</b>, then <b>dump every |
| + | account's stored credentials</b> from the database. Recorded end to end - the result |
| + | isn't staged. Same techniques I use in authorized testing; never against systems I don't own.</p> |
| + | </div> |
| + | </div></section> |
| + | |
| | <section id="oversight"><div class="wrap"> |
| | <div class="shead"><span class="idx mono">01</span><h2>Flagship</h2><span class="rule"></span></div> |
| | <div class="flag"> |
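Review bot: the inline onclick="if(this.requestFullscreen)this.requestFullscreen()" on the video element means any Content-Security-Policy applied to this page has to permit inline event handlers ('unsafe-inline' or 'unsafe-hashes'), which is an awkward constraint for a security portfolio. Suggest moving the handler into a script file and attaching it with addEventListener, and handling the promise that requestFullscreen() returns so a rejected request does not surface as an unhandled rejection. Separately, the element is autoplay and loop with no controls attribute, so a visitor cannot pause it and keyboard users cannot reach the fullscreen action; adding controls would cover both.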