AI Security
Breaking an AI-Powered Shell
Red teaming an AI-powered shell application — prompt injection, command injection, and sandbox escape techniques against LLM-integrated CLI tools.
AI Security
Red teaming an AI-powered shell application — prompt injection, command injection, and sandbox escape techniques against LLM-integrated CLI tools.
CTF Writeups
Minecraft server enumeration, Java JAR plugin decompilation revealing hardcoded database credentials, and trivial root access via sudo su.
CTF Writeups
Request Tracker default credentials for initial access, then KeePass crash dump memory analysis (CVE-2023-32784) to extract the root SSH key.
CTF Writeups
Exploiting the PHP 8.1.0-dev supply chain backdoor via User-Agentt header for RCE, then root through knife binary sudo privilege on Linux.
CTF Writeups
Apache ActiveMQ CVE-2023-46604 deserialization RCE for initial shell, then root via nginx sudo misconfiguration allowing config overwrite.
CTF Writeups
Discovering phpbash webshell on Apache, lateral movement to scriptmanager user, then root access by abusing a Python cron job on Linux.