Demonstrates practical attacks on production RAG systems using prompt injection and context pollution. Includes working exploit code against Azure OpenAI deployments and mitigation strategies for defenders.
SSSD-Extract tool: dump AD account hashes, group memberships, and user accounts from Linux systems with SSSD credential caching enabled.
Complete HTB machine list for OSEP prep: client-side code execution, process injection, AV/AppLocker bypass, AD lateral movement, credential dumping.
PHP functions dangerous when exposed: command execution, code evaluation, callbacks, filesystem manipulation, and information disclosure vectors.
Practical implementation of CBC and CTR modes: IV management, nonce-based encryption, padding schemes (TLS), and security bounds.
Week 2-3: Block ciphers, PRP security, one-time key modes (ECB/DET-CTR), many-time key modes (CBC/CTR), IV/nonce-based encryption.
This post contains all trainings and tutorials that could be useful for offensive security’s OSWE certification.
Tutorial-level walkthrough of Microcorruption CTF on MSP430 microcontroller with debugger techniques and vulnerability identification.
Week 1 foundations: stream ciphers, PRG security definitions, birthday paradox, attacks on OTP/RC4/CSS, and Salsa20 construction.