CSChris Sheridaninhalosecurityhasnodedev.hashnode.dev·1d ago · 4 min readOnline vs. Offline Password Attacks: A Field Guide Password attacks are one of the first things people learn in offensive security, and one of the most commonly muddled. The confusion usually comes down to a single distinction that determines which to00
JAJavier Alonsoinejpt.hashnode.dev·2d ago · 5 min readHow I passed the eJPTv2 at 14Hey everyone! My name is Javier Alonso, I'm from Spain, and I am exactly 14 years, 1 month, and 2 days old. Today, June 29, 2026, I achieved something I was super excited about and have been working r00
CSChris Sheridaninhalosecurityhasnodedev.hashnode.dev·6d ago · 3 min readWiring Real Agents Into Halo: From Stub Orchestrator to a Working Multi-Agent Pentest Pipeline Yesterday I had five agent roles sketched out on paper. Today I actually wired them together and watched them run a real engagement against a live target — and immediately hit (and fixed) the kind of 00
CSChris Sheridaninhalosecurityhasnodedev.hashnode.dev·6d ago · 5 min readAi is doing it again: Strong armed by AI for Bitcoin JADEPUFFER is the world’s first documented case of an end-to-end autonomous, "agentic" ransomware campaign driven entirely by a Large Language Model (LLM) agent. Discovered and published by the Sysdig00
CSChris Sheridaninhalosecurityhasnodedev.hashnode.dev·6d ago · 3 min readBuilding Halo’s Multi-Agent Architecture: From Single Loop to Five Specialists Today I moved Halo from a single autonomous loop to a proper five-agent architecture: Planner, Orchestrator, Vulnerability Discovery, Attacker, and Debugger. Here’s how it came together, and what I le00
AFAeon Flex / Splicer Scorninchaincoder.hashnode.dev·Jul 6 · 11 min readThe Backdoor in Your Browser: Why You Are the Product (And How to Opt Out) You did not get hacked. You clicked “Agree and Continue.” That clean little icon in your dock, Chrome, Safari, Edge, Arc, whatever aesthetic you chose this quarter, feels like infrastructure. Like plu00
CSChris Sheridaninhalosecurityhasnodedev.hashnode.dev·Jul 6 · 2 min read GEMMA-by-GOOGLESending client data to a cloud-based AI to assist with penetration testing defeats the purpose entirely. That concern is what started Halo. Halo is an autonomous penetration testing agent that runs 1001A
CSChris Sheridaninhalosecurityhasnodedev.hashnode.dev·Jul 6 · 3 min readThe Bug That Made My Pentesting Agent Give Up The symptom I was testing a tool — httpx, used for HTTP probing — standalone from the terminal. Worked fine. Ran it through the full agent loop against the same target. The agent refused to even try i25AOC
AFAeon Flex / Splicer Scorninchaincoder.hashnode.dev·Jun 27 · 7 min readI Mapped an Entire Building’s RF Footprint Without Walking Inside. Here’s How.It started with a bet. A friend — let’s call him Marcus — works in physical security. He runs RF site surveys for corporate clients. The kind of work where you walk into a building with a spectrum ana00
LDLightning Developerintech-odyssey.hashnode.dev·Jun 18 · 6 min readAgentjacking Vulnerability: When Fake Error Reports Trick AI Coding ToolsIn the fast-moving world of AI-assisted development, new tools promise to streamline our workflows like never before. Yet recent findings highlight a clever weakness that could let outsiders slip harm00