CVE-2025-10874: History Repeats - Exploiting Orbit Fox SSRF Redux
Deep-dive into CVE-2025-10874: How null byte truncation bypassed Orbit Fox's SSRF patch to extract AWS metadata from cloud hosts.
Ryan Roth
Chief Architect
I'm Ryan, a cybersecurity professional and former entrepreneur based in Greater Philadelphia. As Chief Architect at Layer 8 Security, I help organizations strengthen their security posture by bringing together cybersecurity and IT expertise — ensuring they stay ahead of evolving threats.
Notes from the trenches
Deep-dive into CVE-2025-10874: How null byte truncation bypassed Orbit Fox's SSRF patch to extract AWS metadata from cloud hosts.
Ryan Roth
Chief Architect
I discovered a critical Terra Dotta data exposure affecting hundreds of universities: publicly accessible credentials, SEVIS immigration data, and authentication bypasses. The vendor removed the file after notification, but potentially compromised credentials remain active months later.
Ryan Roth
Chief Architect
I recently stumbled upon a command injection vulnerability in Extron SMP streaming media processors—one that lets an authenticated web admin execute arbitrary OS commands as root. This post breaks down how it works and why it matters.
Ryan Roth
Chief Architect