Zion Boggan zionboggan.com

Add clip #2 (RCE -> root) - two-clip kill-chain on homepage

Self-recorded PoC: command injection in a self-hosted appliance's diagnostics
endpoint -> remote code execution as root -> production-secret exfiltration.
Restructures 'See it in action' into an escalating pair: web-app data breach
(SQLi) then full server takeover (RCE).
eda726a   Zion Boggan committed on May 30, 2026 (3 weeks ago)
assets/hero/rce-demo-poster.jpg +0 -0
Binary file not shown
assets/hero/rce-demo.mp4 +0 -0
Binary file not shown
index.html +30 -5
@@ -58,8 +58,13 @@
/* proof / live-exploit demo */
.proof{padding-top:48px;}
+ .proof-intro{max-width:760px;color:var(--soft);font-size:15.5px;line-height:1.6;margin:0 0 28px;}
.demo{border:1px solid var(--line2);border-radius:12px;overflow:hidden;background:#0a0c10;
box-shadow:0 0 0 1px rgba(108,199,184,.08), 0 26px 64px -28px rgba(0,0,0,.75);}
+ .demo + .demo{margin-top:30px;}
+ .step{display:inline-block;font-size:11px;font-weight:700;letter-spacing:.6px;color:#06231f;
+ background:var(--accent);padding:2px 8px;border-radius:5px;margin-right:9px;vertical-align:1px;}
+ .step.crit{background:#ff6b6b;color:#2a0606;}
.demobar{display:flex;align-items:center;gap:8px;padding:11px 14px;background:#11151b;border-bottom:1px solid var(--line);}
.demobar .d{width:11px;height:11px;border-radius:50%;}
.demobar .r{background:#ff5f57;}.demobar .y{background:#febc2e;}.demobar .g{background:#28c840;}
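Review bot: the new `.step` and `.step.crit` rules hardcode `#06231f`, `#ff6b6b` and `#2a0606` while every other rule in this hunk takes its colours from tokens (`var(--soft)`, `var(--line2)`, `var(--accent)`); consider adding `--crit` / `--crit-ink` next to the existing variables so the badge colours follow a theme change instead of drifting. Also worth checking that `#06231f` on `var(--accent)` clears AA contrast at 11px / 700 weight, since the badge carries the step label and not just decoration.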
@@ -207,10 +212,15 @@
<section id="proof" class="proof"><div class="wrap">
<div class="shead"><span class="idx mono">00</span><h2>See it in action</h2><span class="rule"></span></div>
+ <p class="proof-intro">Two recorded proofs-of-concept against applications I host in a lab I
+ control - a web-app data breach, then full server takeover. Real exploits, real output,
+ nothing staged. The techniques are the ones I use in authorized testing; never against
+ systems I don't own.</p>
+
<div class="demo">
<div class="demobar">
<span class="d r"></span><span class="d y"></span><span class="d g"></span>
- <span class="dlabel mono">live-exploit - controlled lab</span>
+ <span class="dlabel mono">01 - web-app breach · controlled lab</span>
<span class="dbadge mono">REAL PoC</span>
</div>
<video class="demovid" autoplay muted loop playsinline preload="auto"
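Review bot: "Two recorded proofs-of-concept" in the new `.proof-intro` paragraph should be "proofs of concept" (the hyphenated form is adjectival, as in "proof-of-concept clip"). A smaller consistency point in the same hunk: the relabelled `dlabel` reads `01 - web-app breach · controlled lab`, mixing a hyphen and a middle dot as separators, while the new caption badges use `01 · DATA BREACH`; pick one separator for both.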
@@ -218,10 +228,25 @@
onclick="if(this.requestFullscreen)this.requestFullscreen()">
<source src="/assets/hero/exploit-demo.mp4" type="video/mp4">
</video>
- <p class="democap">A real SQL-injection chain against a web application I host in a lab I
- control (OWASP Juice Shop): <b>bypass the login with no password</b>, then <b>dump every
- account's stored credentials</b> from the database. Recorded end to end - the result
- isn't staged. Same techniques I use in authorized testing; never against systems I don't own.</p>
+ <p class="democap"><span class="step mono">01 · DATA BREACH</span> A real SQL-injection chain
+ against a web app (OWASP Juice Shop): <b>bypass the login with no password</b>, then
+ <b>dump every account's stored credentials</b> straight from the database.</p>
+ </div>
+
+ <div class="demo">
+ <div class="demobar">
+ <span class="d r"></span><span class="d y"></span><span class="d g"></span>
+ <span class="dlabel mono">02 - server takeover · controlled lab</span>
+ <span class="dbadge mono">REAL PoC</span>
+ </div>
+ <video class="demovid" autoplay muted loop playsinline preload="auto"
+ poster="/assets/hero/rce-demo-poster.jpg"
+ onclick="if(this.requestFullscreen)this.requestFullscreen()">
+ <source src="/assets/hero/rce-demo.mp4" type="video/mp4">
+ </video>
+ <p class="democap"><span class="step mono crit">02 · FULL TAKEOVER</span> Command injection in
+ an appliance's diagnostics tool: a "ping" box that <b>runs whatever I type - as root</b>.
+ One request turns into <b>remote code execution and the server's production secrets</b>.</p>
</div>
</div></section>
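Review bot: the new caption ends with "the server's production secrets", but the `dlabel` a few lines above it and the new intro both frame the clip as a controlled lab against an appliance the author hosts; on a page whose credibility rests on "never against systems I don't own", "production" invites the reading that a live system was hit. Suggest "the appliance's stored secrets" or "the secrets a production deployment would hold". Separately, this hunk adds a second `<video autoplay muted loop playsinline preload="auto">`, so both full-size clips now download in full on every visit; since the `poster` already covers the first frame, `preload="metadata"` on at least this second clip would cut the initial transfer without changing what the visitor sees.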