Blog
Technical deep-dives, AI security research, CTF writeups, and operational notes.
The Empty String That Bypassed JWT Verification: GHSA-gmvf-9v4p-v8jc
A zero-length HMAC key in fast-jwt 6.2.3 lets an attacker forge any JWT and pass signature verification. Here's the bug, the bypass walked through end to end, and the four-line fix that closes it.
ACCESS: root — How Autoregressive Token Prediction Fabricated a Pentest
I built HIVEMIND, a multi-agent AI attack coordinator that spawns specialized Claude Code sessions to autonomously hack networks. On its first real test, the exploit agent reported root access on an HTB machine. It was lying. Here's why, and what the math inside the model actually does.
Penetration Testing Cheatsheet
A comprehensive reference for penetration testing methodology — recon through post-exploitation, privilege escalation, Active Directory, pivoting, and password cracking.
I Built a GTG-1002 Replica and Realized I Was Already Running One
I spent a day building an autonomous AI attack operator in Go to replicate the GTG-1002 architecture. Then I realized Claude Code, the tool I used to build it, was the architecture all along.
Opus 4.7 vs 4.6 for Security Work: A Practical Model-Switching Guide
Anthropic dropped Claude Opus 4.7 today. For pentesters, bug bounty hunters, and offensive tooling devs, it's not a clean upgrade. Here's when to switch, when to stay, and why the workflow matters more than the version number.
Cerberus - A Real-Time Host Behavioral Forensics Agent
How we built an edge-analysis security agent that captures every command, detects attack chains in real time with 7 detectors and on-host ML, and reduces log volume by 90%+ before it ever leaves the host.
Hunter (Insane) from HackTheBox Sherlock investigated by Claude Opus 4.6 - DFIR
Claude Opus 4.6 autonomously investigated a compromised Windows workstation on HackTheBox. 13 out of 19 forensic questions correct on the first attempt, parsing EVTX, Prefetch, Registry, PCAP, and more on Linux.
Interpreter (Medium) from HackTheBox hacked by Claude Opus 4.6 - 20 min
Second experiment. Claude Opus 4.6 autonomously compromised the Interpreter machine on HackTheBox in 19 minutes and 56 seconds. 112 tool calls, zero human intervention.
Facts (Easy) from HackTheBox hacked by Claude Opus 4.6 - 22 min
I gave Claude Opus 4.6 a single prompt and watched it autonomously pwn a easy-difficulty HackTheBox machine in under 23 minutes. 132 tool calls, zero human intervention.
Detection Techniques
Detection & Response techniques based on Cyber Kill Chain and Unified Kill Chain.
Blue
Deploy & hack into a Windows machine, leveraging common misconfigurations issues.
Daily Bugle
Compromise a Joomla CMS account via SQLi, practise cracking hashes and escalate your privileges by taking advantage of yum.
Kenobi
Walkthrough on exploiting a Linux machine. Enumerate Samba for shares, manipulate a vulnerable version of proftpd and escalate your privileges with path variable manipulation.
Steel Mountain
Hack into a Mr. Robot themed Windows machine. Use metasploit for initial access, utilise powershell for Windows privilege escalation enumeration and learn a new technique to get Administrator access.
Vulnversity
Learn about active recon, web app attacks and privilege escalation.