Technical writeups on security research and engineering by Ashton Vaughan.https://ashtonvaughan.com/https://ashtonvaughan.com/writeups/driving-burp-from-an-ai-agent/https://ashtonvaughan.com/writeups/driving-burp-from-an-ai-agent/Why a thin MCP wrapper around Burp is useless to an autonomous agent, and what it took to expose functional 100% of the Montoya API, including a reflection bridge into other installed extensions.Wed, 10 Jun 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/autonomous-hypothesis-driven-pentesting/https://ashtonvaughan.com/writeups/autonomous-hypothesis-driven-pentesting/Project Triage hunts like a researcher, not a scanner. The hard part was not the 51 tools, it was the 19 reasoning modules and the scaffolding that stops an LLM agent from looping forever.Mon, 08 Jun 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/a-browser-runtime-for-agents/https://ashtonvaughan.com/writeups/a-browser-runtime-for-agents/Browser automation was built for humans and retrofitted for agents. Building AgentBrowser meant inverting that, an API that speaks goals, a cursor that actually moves, and per-site memory that skips the model on repeat visits.Fri, 05 Jun 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/sparse-moe-inference-on-modest-hardware/https://ashtonvaughan.com/writeups/sparse-moe-inference-on-modest-hardware/A research exploration into sparse mixture-of-experts inference on consumer GPUs and APUs: mixed-precision experts, low-rank compression, predictive prefetch, and NUMA-aware placement. Design notes, not a benchmark.Thu, 04 Jun 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/proving-an-llm-jailbreak-is-universal/https://ashtonvaughan.com/writeups/proving-an-llm-jailbreak-is-universal/The discipline that separates a lucky prompt from a bounty-grade universal jailbreak: a train/test split on objectives, an independent multi-judge, a binomial significance test on held-out behaviors, and an authorization gate that fails closed.Tue, 02 Jun 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/local-first-reverse-engineering-agent/https://ashtonvaughan.com/writeups/local-first-reverse-engineering-agent/Somnus drives Ghidra, angr, Frida and AFL++ through a small local model to triage binaries, no API keys, no network. It works end-to-end on ret2win. Here is what that proves, and what it very much does not.Thu, 28 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/anatomy-of-an-autonomous-bug-bounty-pipeline/https://ashtonvaughan.com/writeups/anatomy-of-an-autonomous-bug-bounty-pipeline/BountyHound wraps five security tools as FastAPI job servers behind one MCP entry point. The architecture is simple on purpose, and the discipline that matters is the boundary that keeps an agent from reporting tool output it never verified.Tue, 26 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/synthetic-datasets-with-provenance/https://ashtonvaughan.com/writeups/synthetic-datasets-with-provenance/AnyData is a closed-loop dataset factory where every example carries how strongly its correctness was verified. Why the tier you can verify against is the real ceiling on quality, and why a model can never grade its own output.Sun, 24 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/no-step-up-is-an-ato-primitive/https://ashtonvaughan.com/writeups/no-step-up-is-an-ato-primitive/A password or email change that accepts only a bearer token, with no current password and no fresh-auth check, is an ATO primitive on its own. Here is how I test for it and why "you need the token" is a weak defence.Fri, 22 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/authorization-in-serverless-backends/https://ashtonvaughan.com/writeups/authorization-in-serverless-backends/A generic, target-free field guide to the access-control failures I keep finding in Supabase / edge-function backends, and the two-account method that surfaces them. No program names; this is about the class, not any one bug.Wed, 20 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/lstm-scalping-signal-engine/https://ashtonvaughan.com/writeups/lstm-scalping-signal-engine/money-maker predicts whether EUR/USD hits a 2-pip take profit before a 1.5-pip stop. The hard parts are label design, latency into MT5, and accepting that forward testing is the only honest evaluation.Mon, 18 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/business-logic-is-where-scanners-lose/https://ashtonvaughan.com/writeups/business-logic-is-where-scanners-lose/Why automated tools never find logic bugs, and the way I map a money or quota flow to attack its invariants instead of its inputs.Sat, 16 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/lessons-from-an-abandoned-computer-use-daemon/https://ashtonvaughan.com/writeups/lessons-from-an-abandoned-computer-use-daemon/Nerve was a working cross-platform computer-use runtime: a Rust daemon, two SDKs, a real Anthropic Computer Use loop. I stopped active development on the consumer-product framing. Here is what it got right, what computer-use is genuinely hard at, and why I shelved it anyway.Thu, 14 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/natural-language-nmap/https://ashtonvaughan.com/writeups/natural-language-nmap/TNmap is a terminal UI that turns plain English into the right nmap invocation. The interesting part is the retrieval stack that maps fuzzy intent to exact flags without an API, and why it degrades gracefully instead of stalling.Tue, 12 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/ssrf-to-cloud-metadata/https://ashtonvaughan.com/writeups/ssrf-to-cloud-metadata/How a server-side request that reaches 169.254.169.254 becomes role credentials, why IMDSv2 changes the rules, the bypasses that still work, and how to prove impact read-only without touching anything destructive.Sun, 10 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/oauth-redirect-uri-and-state/https://ashtonvaughan.com/writeups/oauth-redirect-uri-and-state/Redirect_uri allowlist bypasses, the real job of state and PKCE, and why most "open redirect in OAuth" reports get downgraded unless you show token theft.Fri, 08 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/deep-rl-for-forex-swing-trading/https://ashtonvaughan.com/writeups/deep-rl-for-forex-swing-trading/TradingEngine is a PPO agent for H1 swing trades with an LSTM-plus-Transformer feature extractor. The engineering that matters is state and action design, reward shaping that does not blow up, and walk-forward evaluation that refuses to lie to you.Wed, 06 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/postmessage-origin-checks/https://ashtonvaughan.com/writeups/postmessage-origin-checks/How message handlers that skip event.origin validation turn an embedded widget into cross-window data theft or DOM XSS, and how I actually test them.Mon, 04 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/single-packet-race-conditions/https://ashtonvaughan.com/writeups/single-packet-race-conditions/How HTTP/2 last-byte synchronisation removes network jitter from race testing, and why the real TOCTOU lives at the database isolation level.Sat, 02 May 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/evolutionary-search-over-a-million-strategies/https://ashtonvaughan.com/writeups/evolutionary-search-over-a-million-strategies/strategy-search evolves trading-strategy configurations with a genetic algorithm over transformer models. The engineering that matters is not the model: it is the representation, the fitness function, and the validation that keeps the search honest.Thu, 30 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/secondary-context-attacks/https://ashtonvaughan.com/writeups/secondary-context-attacks/A target-free walkthrough of BFF and gateway abuse: a public endpoint silently forwards to an internal service, and path traversal in a URL segment reaches endpoints that were never meant to be public.Tue, 28 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/saml-relaystate-and-sso-trust/https://ashtonvaughan.com/writeups/saml-relaystate-and-sso-trust/RelayState as an open-redirect and phishing vector through a trusted identity-provider domain, plus the assertion-signing pitfalls that turn a redirect into a full SSO bypass.Sun, 26 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/why-resolved-is-not-validated/https://ashtonvaughan.com/writeups/why-resolved-is-not-validated/A four-layer validation gate for bug bounty findings. The API returning data is not a bug. A program resolving your report is not proof you were right. Here is how I cull false positives before they ever leave my machine.Wed, 22 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/from-idor-to-proven-critical/https://ashtonvaughan.com/writeups/from-idor-to-proven-critical/A read IDOR is a Medium until you demonstrate impact; the discipline of mass enumeration, PII at scale, and cross-tenant write that earns the severity.Mon, 20 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/cors-that-leaks-credentials/https://ashtonvaughan.com/writeups/cors-that-leaks-credentials/Why reflecting the request Origin together with Allow-Credentials: true defeats the same-origin policy, why null and suffix allowlists fail, and how to prove a cross-origin credentialed read.Sat, 18 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/graphql-authorization-and-batching/https://ashtonvaughan.com/writeups/graphql-authorization-and-batching/Field-level authz gaps, introspection, alias and batch abuse to defeat rate limits, and nested-query DoS, with the one structural reason GraphQL keeps leaking: object checks belong on resolvers, not the gateway.Thu, 16 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/jwt-algorithm-confusion/https://ashtonvaughan.com/writeups/jwt-algorithm-confusion/RS256-verified-as-HS256 with the public key as the HMAC secret, the alg=none variants, kid injection, and why correct verification pins the algorithm from JWKS instead of the token.Sun, 12 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/a-toolkit-per-target/https://ashtonvaughan.com/writeups/a-toolkit-per-target/Generic scanner templates lose because every target is shaped differently. I build a small, target-shaped toolkit per engagement: probes cut to the detected vendors and seams, output shaped for an agent context window, real out-of-band sinks, and proof of concept that holds up.Wed, 08 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/brute-forcing-otps-when-there-is-no-rate-limit/https://ashtonvaughan.com/writeups/brute-forcing-otps-when-there-is-no-rate-limit/The math on a 4 or 6 digit one-time code with no rate limit, the verification races, the IP-rotation realities, and why self-OTP bypass still matters.Sat, 04 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/finding-secrets-in-client-bundles/https://ashtonvaughan.com/writeups/finding-secrets-in-client-bundles/Harvesting keys from front-end JS, sourcemaps, and committed .env files, and the part that matters more than finding them: knowing which key actually bypasses your security model and which is harmless by design.Thu, 02 Apr 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/subdomain-takeover-at-scale/https://ashtonvaughan.com/writeups/subdomain-takeover-at-scale/How a forgotten CNAME becomes a claimable subdomain, and how to find them across a wide asset list using CT logs and resolver diffing instead of luck.Thu, 26 Mar 2026 00:00:00 GMThttps://ashtonvaughan.com/writeups/out-of-band-infra-on-cloudflare-workers/https://ashtonvaughan.com/writeups/out-of-band-infra-on-cloudflare-workers/How I build throwaway OOB callback sinks, attacker JWKS hosts, OAuth redirect receivers, and smuggling relays on the edge, and why Workers beat a single VPS for blind-vuln confirmation.Thu, 12 Mar 2026 00:00:00 GMT