Security Research Blog
  • Home
  • About
  • AI Security
  • CTF
  • CVE Disclosures
  • Contact

Articles

I Asked an AI About Its Security Policies: It Gave Me the API Key

AI Security

I Asked an AI About Its Security Policies: It Gave Me the API Key

A simple prompt about security policies tricked an AI chatbot into leaking its API key. Real-world case study on AI deployment security failures.

By Onurcan Genç 13 Mar 2026 3 min read
Breaking an AI-Powered Shell

AI Security

Breaking an AI-Powered Shell

Red teaming an AI-powered shell application — prompt injection, command injection, and sandbox escape techniques against LLM-integrated CLI tools.

By Onurcan Genç 13 Mar 2026 5 min read
HTB Blocky

CTF Writeups

HTB Blocky

Minecraft server enumeration, Java JAR plugin decompilation revealing hardcoded database credentials, and trivial root access via sudo su.

By Onurcan Genç 13 Mar 2026 3 min read
HTB Keeper Writeup: How a Danish Dessert Unlocked Root Access

CTF Writeups

HTB Keeper Writeup: How a Danish Dessert Unlocked Root Access

Request Tracker default credentials for initial access, then KeePass crash dump memory analysis (CVE-2023-32784) to extract the root SSH key.

By Onurcan Genç 13 Mar 2026 4 min read
HTB Knife: PHP 8.1.0-dev Supply Chain Backdoor RCE to Root

CTF Writeups

HTB Knife: PHP 8.1.0-dev Supply Chain Backdoor RCE to Root

Exploiting the PHP 8.1.0-dev supply chain backdoor via User-Agentt header for RCE, then root through knife binary sudo privilege on Linux.

By Onurcan Genç 13 Mar 2026 3 min read
HTB Broker Writeup

CTF Writeups

HTB Broker Writeup

Apache ActiveMQ CVE-2023-46604 deserialization RCE for initial shell, then root via nginx sudo misconfiguration allowing config overwrite.

By Onurcan Genç 13 Mar 2026 4 min read
← Newer posts Page 5 of 7 Older posts →
Security Research Blog
  • Privacy Policy
  • GitHub
  • RSS
© 2026 Security Research Blog