DEV Community: Nelson

Why I Built an Offline Pre-Audit Platform for Supply Chain Security (Before Scanning or Pentesting)

Nelson — Mon, 15 Dec 2025 10:19:09 +0000

In many security engagements, I kept seeing the same pattern.

Teams would start with:

scanners

pentests

long lists of findings

But very often, the real problem wasn’t what was exploitable,
it was where trust assumptions were already broken.

The gap before scanning

Most incidents I worked on started with:

weak sudoers configurations

unsafe update mechanisms

unpinned CI/CD dependencies

exposed management interfaces

These issues existed before any exploitation.

Yet most tools focus on what happens after.

Enter PrivLabs

I built PrivLabs to sit before scanning and exploitation.

PrivLabs is an offline supply-chain pre-audit assessment platform designed to:

identify early risk signals

structure findings

help teams decide where to focus first

It is intentionally:

non-exploiting

non-invasive

offline

human-centric

What PrivLabs does

Linux privilege escalation pre-audit

CI/CD pipeline trust analysis

Supply-chain configuration reviews

Executive-friendly risk summaries

What it does not do

No exploitation

No active attacks

No scanning

No data storage or transmission

PrivLabs complements pentesting — it doesn’t replace it.

Why offline matters

In many environments (enterprise, regulated, air-gapped), uploading data to SaaS tools is simply not an option.

PrivLabs processes everything in-memory, with no persistence.

Try it

Live demo:
https://privlabs-security-toolkit.streamlit.app/

Project overview:
https://privlabs.github.io/supplychain-security-toolkit/

Feedback is welcome — especially from people working in Blue Team, consulting, or DevSecOps roles.

Supply Chain Attack Simulation on Drupal: RCE via Malicious Update Server (PoC, not a CVE)

Nelson — Thu, 11 Dec 2025 14:43:56 +0000

What if a malicious actor could hijack the update server for your favorite CMS? I built a full lab scenario to show how it’s possible — and how to defend against it.

MITM, rogue CA, fake update feeds (release-history.xml), trojanized package, RCE + persistence
Everything documented: attack steps, screenshots, scripts (in the PDF), hardening tips
NOT a Drupal 0-day — just a realistic simulation for security awareness

Why does it matter?

Supply chain attacks are not theoretical anymore. This demo can help Blue Teams, Red Teams, devs, and trainers build better defenses and awareness.

👉 [See the repo & full PDF PoC] GitHub repo: https://github.com/privlabs/-Supply-Chain-Attack-Simulation-on-Drupal-RCE-via-Malicious-Update-Server-PoC-not-a-CVE-

Questions, feedback, want to collaborate? DM or email me (contact in README).

All lab, all safe, no harm to real-world systems!

cybersecurity #supplychainsecurity #securityresearch

offensivesecurity #redteam #blueteam #devsecops

drupal #websecurity #rce #mitm

Open-source tool: Detect & fix Linux cron job privilege escalation (LPE)

Nelson — Fri, 05 Dec 2025 19:56:19 +0000

After several months of research and lab testing, I’m releasing a complete guide + scripts to detect and fix privilege escalation via misconfigured cron jobs on Linux.

🚀 Key features:

Automated audit of cron jobs for security issues
Exploitation examples
Hardening tips
Open-source scripts

💡 Example: root shell on a cloud VM through a simple cron misconfiguration (see repo for details).

For sysadmins, SecOps, pentesters, or anyone passionate about Linux security.

👉 GitHub repo: https://github.com/privlabs/lpe-cron-misconfig-2025

Feel free to test, comment, or contribute! Would love your feedback or stories of similar issues you’ve found.

linux #security #opensource #cron #infosec #sysadmin