AI Security
I Asked an AI About Its Security Policies: It Gave Me the API Key
A simple prompt about security policies tricked an AI chatbot into leaking its API key. Real-world case study on AI deployment security failures.
AI Security
A simple prompt about security policies tricked an AI chatbot into leaking its API key. Real-world case study on AI deployment security failures.
AI Security
Red teaming an AI-powered shell application — prompt injection, command injection, and sandbox escape techniques against LLM-integrated CLI tools.
CTF Writeups
Minecraft server enumeration, Java JAR plugin decompilation revealing hardcoded database credentials, and trivial root access via sudo su.
CTF Writeups
Request Tracker default credentials for initial access, then KeePass crash dump memory analysis (CVE-2023-32784) to extract the root SSH key.
CTF Writeups
Exploiting the PHP 8.1.0-dev supply chain backdoor via User-Agentt header for RCE, then root through knife binary sudo privilege on Linux.
CTF Writeups
Apache ActiveMQ CVE-2023-46604 deserialization RCE for initial shell, then root via nginx sudo misconfiguration allowing config overwrite.