Ideas, Observations & Stories in Cybersecurity
Introduction In the previous post, we covered indirect prompt injection — where an attacker embeds malicious instructions inside documents your RAG pipeline retrieves. By itself, that’s already a serious problem. But what happens when your system isn’t a single AI assistant? What happens when it’s a network of autonomous agents — each specializing in a…
Introduction If you’ve been following this series, you already know what prompt injection is and why it’s dangerous. But direct prompt injection — where a user manipulates the model through the chat interface — is only the tip of the iceberg. Indirect prompt injection is where things get really scary for enterprise applications. And nowhere…
If you’ve been in application security for any amount of time, you’ve seen this pattern before. A new technology arrives. Developers adopt it fast. Security teams scramble to catch up. And in the gap between adoption and understanding, attackers find a comfortable home. We saw it with cloud misconfigurations. We saw it with GraphQL. We’re…
In the realm of cybersecurity, one vulnerability that continues to haunt developers and security professionals alike is insecure deserialization. This seemingly innocuous process, crucial for transferring data between systems, harbors a myriad of risks when implemented carelessly. We delve deep into the intricacies of insecure deserialization, uncover its potential threats. I will also demonstrate practical…
Hello guys !! Hope all good at your side of the screen. Today we will discuss about the topic which everybody is talking about. I am sure we all have a same answer if someone asks how we will if our all tasks will get automated and we can sit back and relax. A big…
Amazon Web Services (AWS) is a leading cloud computing platform that provides organizations. It has a wide range of services to build and deploy applications, store data, and manage infrastructure. One of the core services offered by AWS is Amazon Simple Storage Service (S3), a scalable object storage solution designed to store and retrieve data…
As we stride into the future, the digital landscape continues to evolve, presenting new challenges and opportunities in the realm of cybersecurity. With cyber threats growing in complexity and sophistication, it’s crucial for organizations to stay abreast of the latest trends to safeguard their assets effectively. In this article, we’ll delve into the top security…
It has been a while since I posted anything here, but then life had another plans for me in past three years. Anyways cutting short the crap, today I will discuss about hashes. To be more precise, CONTEXT TRIGGERED PIECEWISE HASHES (CTPH). This term came into my mind when I was going through the Pyramid…
We have learnt the basic exploitation of Sql Injection with the help of Sqlmap in our previous posts. But there is always a step further. In this post we will see most advanced exploitation with Sqlmap. Once again 3 cheers to Kunal for helping me out for this post. In our first post of Sqlmap,…
In previous post we have seen the basic tutorial of Sqlmap and the exploitation. The exploitation was about the GET request or where the vulnerable parameter is passing in the URL. There is another aspect of Sql Injection where it happens in form based submissions. In more technical terms a POST request where the certain…