The Lakera Gandalf LLM Challenges
Introduction I came across the “Gandalf” AI prompt injection challenge/tutorial a few days ago and spent about 45 minutes going through all the challenges. It’s a good introduction to basic prompt ...
Introduction Last weekend, I decided to participate in the Batman’s Kitchen CTF. I liked the theme of the 1990s internet and was in the mood for some fun, so I entered solo with the goal to finish...
Introduction Did you know that it’s possible to hide a message inside a digital signature? And that a signature containing a message will pass validation checks and be indistinguishable from a sign...
Introduction I recently passed the Burp Suite Certified Practitioner exam. It took me about 8 weeks of preparation, and I passed on my second attempt. This post will be about how I prepared, my exp...
Introduction I’ve been reading up on LLM attacks lately, and decided to learn more about how they’re built into applications, and how I can set up my own environment to test out techniques. Until n...
Introduction One of the more satisfying things for me when practicing penetration testing is getting access as an administrator account, running impacket-secretsdump or mimikatz lsadump::sam, and ...
I started reading Windows Security Internals by James Forshaw to learn more about how Windows privilege escalation works. When I was first learning this stuff, I wasn’t sure why certain things work...
In my last post, I created a shellcode generator in C. Today, we’re going to write a simple shellcode loader in C that uses process injection to run the shellcode we made. Process injection is a w...
I’ve been working on my C programming skills lately, and getting more familiar with writing programs that use the Win32 API. I thought that an interesting project would be to write my own reverse s...