Piyush Gupta

Follow:
4 Articles
Tech

I reproduced a Claude Code RCE. The bug pattern is everywhere.

Last week, security researcher Joernchen published a clever RCE in Claude Code

Piyush Gupta Piyush Gupta
$20 VPS. 72 hours. 900 buckets. 40 live AWS keys. (Screenshot is an AI-generated recreation for illustration. No real credentials are shown.)
Security

I found 900 S3 buckets exposing Terraform state files. 41 had live AWS credentials.

I built a scanner that guesses S3 bucket names and looks for .tfstate files.

Piyush Gupta Piyush Gupta
I poisoned a Hugging Face dataset. 2,400 downloads. 6 months. Nobody noticed. (Image: AI-generated mockup, the original page was taken down.)
Tech

I poisoned a Hugging Face dataset and it stayed up for 6 months.

I uploaded a "fine-tuning dataset" to Hugging Face with 1,000 rows of

Piyush Gupta Piyush Gupta
Side-by-side terminal comparison showing GET /v1/accounts returning 401 Unauthorized versus GET /v1/accounts/ returning 200 OK with full account data including balances. A glowing forward slash character separates the two terminals, illustrating the trailing slash bypass.
Tech

I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty.

I was poking at a fintech’s mobile API and noticed something that

Piyush Gupta Piyush Gupta
Lost your password?