This year I had the opportunity to perform security testing on an LLM agent, and at first, I wasn’t sure where to begin. I spent hours researching how the system works and how it should be approached from a security perspective. When you’re under time pressure, you naturally look for the shortest path to understand […]

The rise of generative AI and large foundation models has unlocked capabilities that were unimaginable just a few years ago—while simultaneously opening a new frontier of security risks. Generative AI, especially large language models (LLMs), represents only one branch of the broader AI ecosystem, but it’s the branch that has reshaped how modern enterprises operate. […]

Learn how to perform a complete Security Review for new product features—from scoping and architecture analysis to threat modeling and risk assessment. Using a real-world chatbot integration example, this guide shows how to identify risks, apply security guardrails, and deliver actionable recommendations before release.

A security architecture review is a systematic assessment of an environment’s design, configuration, and controls to evaluate whether they meet security requirements and can withstand realistic threats. At some point, if you lean toward product or infrastructure security, you’ll inevitably find yourself doing a review like this. When I did my first one, I didn’t […]

In this walkthrough, we’ll explore the Dogcat room on TryHackMe, a box that features a Local File Inclusion (LFI) vulnerability and Docker privilege escalation. LFI allows us to read sensitive files from the system and eventually gain access to the server.There are a total of 4 flags in this machine which we need to find. […]

A step-by-step TryHackMe Cyborg walkthrough to achieve root access. Learn essential techniques for web enumeration, SSH access, and privilege escalation.

A step-by-step TryHackMe Overpass walkthrough, guiding you through reconnaissance, web enumeration, SSH access, and privilege escalation to root.

Prime: 1 is a challenging boot2root machine created by Suraj Pandey. It is designed for those who are preparing for the OSCP exam and is a great way to practice your penetration testing skills. In this blog post, I will walk you through the steps I took to root the machine, including: Performing a port […]

LazySysAdmin is an easy to crack VM. There are multiple ways to crack this machine, several ports and mis-configured services are present inside this box. The takeaway from this machine for me is to understand a service better and thinking simpler to get root privileges after we are able to exploit a badly configured service. […]

Vengeance is one of the digital world.local series which makes vulnerable boxes closer to OSCP labs. This box has a lot of services and there could be multiple ways to exploit this, Below is what I have tried. Lab requirement: 1. Kali VM 2. Download Vengeance: https://www.vulnhub.com/entry/digitalworldlocal-vengeance,704 3. Some patience. I have written article already […]

Recently, My focus turned more towards OSCP and I am thinking of taking the exam. After reading tons of people’s experience over Reddit, I took some notes on what would be my way of studying for this. It isn’t easy from the looks of it and to win with time, I need a lot of […]

This article talks about cracking Level 13 Binary of Cyberstart CTF. The hint that was given for this challenge is “Cyclic Pattern”, which means we need to use pattern finder tool to figure out the length of the buffer and then run the arbitrary function. Let’s crack this: Running the binary gives us this output: […]

This article is a walkthrough for Empire LupinOne vulnerable machine. You can download this from vulnhub. The vulnerable machine is full of fuzzing and escalation of privileges by exploiting Python libraries with SUID being setup. Let’s look into exploiting this: Requirements: 1. Vmware/Virtual Box < This is to run the vulnerable machine. 2. Download LupinOne […]

Last month, On December 09 2021, The release of a Remote Code Execution POC over twitter involving exploitation of Apache’s log4j2 logging class took everyone’s peace away. The attack was pretty simple and the fact that it can be easily exploited by anyone is what made this more terrifying. The first edition of this attack […]

LazySysAdmin is an easy to crack VM. There are multiple ways to crack this machine, several ports and mis-configured services are present inside this box. The takeaway from this machine for me is to understand

Continue readingLazySysAdmin – Vulnhub walkthrough

Vengeance is one of the digital world.local series which makes vulnerable boxes closer to OSCP labs. This box has a lot of services and there could be multiple ways to exploit this, Below is what

Continue readingdigital world.local: Vengeance Walkthrough – OSCP Way

Recently, My focus turned more towards OSCP and I am thinking of taking the exam. After reading tons of people’s experience over Reddit, I took some notes on what would be my way of studying

Continue readingDC-9 Vulnhub Walkthrough – OSCP way

This article talks about cracking Level 13 Binary of Cyberstart CTF. The hint that was given for this challenge is “Cyclic Pattern”, which means we need to use pattern finder tool to figure out the

Continue readingThe Binary Exploitation: Stack based Buffer overflow

This article is a walkthrough for Empire LupinOne vulnerable machine. You can download this from vulnhub. The vulnerable machine is full of fuzzing and escalation of privileges by exploiting Python libraries with SUID being setup.

Continue readingEmpire: LupinOne Walkthrough – Privilege escalation through Python Libs

Last month, On December 09 2021, The release of a Remote Code Execution POC over twitter involving exploitation of Apache’s log4j2 logging class took everyone’s peace away. The attack was pretty simple and the fact

Continue readingLog4Shell Quick Lab Setup for Testing