Ryan Chaplin

Ryan, OSCP, has performed penetration testing services for clients across a variety of industries from hospitals to non-profits to S&P 500 companies. He has been awarded for his work from numerous companies including NASA JPL. Prior to working in Offensive Security his work focused on the intersection of Software Development, Digital Marketing, and Security. He also enjoys playing basketball, reading, the arts, and watching way too much Netflix.

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines

The Exploit articles written by Ryan Chaplin

  • Defense in Depth Against Linux Kernel Privilege Escalation
    , , , , ,

    Defense in Depth Against Linux Kernel Privilege Escalation: A Practical Guide for Container Workloads

     By Ryan Chaplin With current local privilege escalation exploits like Copy Fail and Dirty Frag active in the wild, harden your defenses to halt attacks even before patching. May 26, 2026
  • Bypassing ChatGPT’s Open-Source Model Security Restrictions for Agentic Hacking
    , ,

    Bypassing ChatGPT’s Open-Source Model Security Restrictions for Agentic Hacking

     By Ryan Chaplin Ryan Chaplin wondered what it would take to bypass ChatGPT’s open-source model security restrictions to allow AI to hack his website. See how he did it here. May 5, 2026
  • Two Critical Telnet Flaws in 2026 Allow Unauthenticated Root Access
    , ,

    Two Critical Telnet Flaws in 2026 Allow Unauthenticated Root Access

     By Ryan Chaplin Lead Penetration Ryan Chaplin explains how to protect your network against CVE-2026-24061 and CVE-2026-32746, two critical Telnet flaws released this year. April 10, 2026
  • BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack
    , , , ,

    BeyondTrust RCE Vulnerability Exploited: Critical 9.9 CVSS Flaw Under Active Attack

     By Ryan Chaplin While BeyondTrust patched cloud-hosted Remote Support customers earlier this month, on-premises deployments of BeyondTrust must manually patch to remediate. February 17, 2026
  • Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice
    , , , ,

    Bypassing a WAF and a CSP with Google Tag Manager: An Attacker’s Perspective and Remediation Advice

     By Ryan Chaplin Ryan Chaplin takes an in-depth look at how attackers can use unsafe directives to bypass CSP, notably in Google Tag Manager, and how to remediate the issue. February 10, 2026
  • Autonomous Supply-Chain Worm Compromises Postman, PostHog, Zapier and 26k Others
    ,

    Autonomous Supply-Chain Worm Compromises Postman, PostHog, Zapier, and 26k Others

     By Ryan Chaplin Operating fully autonomously, this new supply-chain malware has compromised Postman, PostHog, Zapier and 26k others. Learn what your organization should do now. December 10, 2025