Feb 13 · 11 min read · I've been thinking a lot about how we talk to AI agents and what happens when the conversation goes long enough. Not in a theoretical sense -- I spent about 10 hours in a single session with Pulumi's Neo agent, and somewhere around hour three, someth...
Join discussion
Jan 29 · 6 min read · Reconnaissance has always been the foundation of offensive security. Before exploitation, before payloads, before privilege escalation, there is recon. What has changed is not the importance of recon, but its nature. The image above represents a new ...
Join discussion
Jan 26 · 5 min read · On the 15th of January at 11pm (UTC+2), I took the CRTSv2 exam, and by 1:45am the next day, I had sent my exam report to be graded — that’s 2 hours and 45 minutes. I was quite happy with that, but maybe the exam is just easier than advertised… I boug...
Join discussion
Sep 16, 2025 · 3 min read · Offensive security is the practice of thinking and acting like an attacker — but with permission. It’s about finding the weak spots an adversary would exploit, then fixing them before anyone with bad intent finds them first. I know some people will s...
Join discussion
Sep 13, 2025 · 12 min read · Les techniques de Living-off-the-Land (LotL) représentent aujourd'hui l'une des méthodes d'attaque les plus sophistiquées et insidieuses dans le domaine de la cybersécurité. Ces techniques exploitent les outils légitimes déjà présents sur les système...
Join discussion
Jul 12, 2025 · 4 min read · I thought I’d post after learning web basics. But then I kept going.I figured—why stop at the gate when the whole castle is in sight? Yeah… it’s been a minute. This blog was supposed to drop right after I finished the basics of web exploitation. That...
Join discussion
May 19, 2025 · 3 min read · AI models are getting better every day—but there are people try to break them. And if you’ve ever deployed a model into the wild, you probably already know: what works in the lab doesn’t always hold up under real-world pressure. 👉That’s where red te...
Join discussionApr 22, 2025 · 11 min read · Introdução Esses dias descobri que cerca de 5% das vulnerabilidades de segurança em aplicações Node.js são causadas por ReDoS e isso me surpreendeu. Também conhecido como Regular Expression Denial of Service, o ReDoS é um tipo de vulnerabilidade que ...
Join discussion
Mar 24, 2025 · 5 min read · Red Teaming LLM Applications: A Weekend Learning Journey This weekend, I dove into the fascinating world of Red Teaming LLM Applications. In my exploration, I learned how to use large language models (LLMs) not only for regular tasks but also to stre...
Join discussion
Sep 8, 2024 · 1 min read · Lets understand MITRE ATT&CK framework in simple way. What is MITRE ATT&CK ? It was developed and released by MITRE Corporation.A non-profit organization in 2015.Acronym ATT&CK stands for Adversarial Tactics, Techniques and Common Knowledge.It acts a...
Join discussion