z

zayne

(he/him)

• 

  SupaPwn: Hacking Our Way into Lovable's Office and Helping Secure Supabase

  We hacked our way into Lovable's office by demoing SupaPwn — a chain that could potentially enable region-wide tenant takeover: event-trigger privilege window, DB superuser, host RCE, SUID escalation, exposed configs, orchestration takeover

  s s1r1us

  r rootxharsh

  z zayne

  l liveoverflow

  ・ November 17, 2025

  research
• 

  Introducing Hacktron AI: An autonomous penetration test of Gumroad

  At Hacktron, we're building collaborative AI agents that act as autonomous security researchers. Learn more about our approach and our AI-driven pentest on Gumroad.

  z zayne

  s s1r1us

  ・ August 14, 2025

  research essay
• 

  Executing arbitrary Python code from a comment

  How a Python comment can turn a file into a ZIP polyglot, tricking the interpreter into running code. Insights from a UIUCTF 2025 challenge and Python's ZIP parsing quirks.

  z zayne

  ・ July 28, 2025

  research

• AI hackers are both a generational threat and a generational opportunity

  AI hackers will scale cyber threats via automated exploitation, but the same technology can turn this generational risk into an industry-wide defence.

  z zayne

  ・ May 8, 2025

  essay