Nimbus is down. Pwned the seasonal machine on HackTheBox today, cloud box with a humbling recon phase, but root felt satisfying once it clicked. 1105 XP and a few new tricks heading into the next one.
#HackTheBox #PenTesting #CTF #InfoSec #EthicalHacking
Just wrapped the OSINT: Corporate Recon module on @hackthebox_eu and honestly, recon is one of those skills that never gets old to sharpen. The deeper you go on passive intel gathering, the more you realize how much is sitting out there in plain sight.
#OSINT #HackTheBox
Wrapped up the Advanced XSS and CSRF Exploitation module on HTB.
XSS chaining into CSRF bypasses is the kind of stuff that makes you rethink how much you trust "secure" web apps. Really solid hands-on content from vautia.
#PenetrationTesting #WebSecurity #XSS #CSRF #HackTheBox
Built a single-file SQLi practice lab covering INSERT, UPDATE, and DELETE injection — 9 labs, no server, opens in a browser. Enjoy them
https://t.co/HpHPSnyXCL
Finished the AI Evasion - Foundations module on HTB Academy today. Solid introduction to how AI-based defenses can be bypassed — genuinely useful for anyone doing red team work where ML detection is in the mix.
Wrapped up the Attacking AI — Application and System module on HTB Academy. 9/9 exercises, Medium difficulty — solid coverage of how AI systems actually break under attack.
The blogs are already live if you want to go deeper. ⬇️
https://t.co/BOwCG3CiXj
#HTBAcademy #AIRedTeam
Finished the AI Data Attacks module on HTB Academy, 6/6 exercises. Clean label attacks, trojans, feature poisoning. The kind of material that changes how you think about trusting a model, not just breaking one.
#HackTheBox #HTBAcademy #AdversarialML #AIRedTeaming #ML
Finished the HTB Academy LLM Output Attacks module — 15/15, and every exercise a solid reminder that what the model generates is just as dangerous as what you put in. Output is untrusted data. Treat it that way.
#LLMSecurity #AIRedTeaming #HackTheBox #OutputAttacks #COAE
Started documenting my AI attack research — the first series covers Prompt Injection Attacks, breaking down both direct and indirect injection with real techniques, payloads, and the reasoning behind why they work.
https://t.co/fQ3CUhPUIF
#AIRedTeaming #PromptInjection
Just completed Introduction to Red Teaming AI on HTB Academy. Learned how to identify and exploit vulnerabilities in ML systems, including model backdoors and adversarial attacks. Excited to apply these red teaming skills to strengthen AI security!
#HTBAcademy #RedTeaming #AISec
Finished HTB Academy's Applications of AI in InfoSec module today — 5/5 exercises, all done. AI in security is moving fast and knowing how it's being used on both sides of the wire feels less optional every day.
#CyberSecurity #AIinSecurity #HackTheBox #HTBacademy #InfoSec #ML
Just finished HTB's Klendathu Pro Lab — 10 hours of Active Directory chaos, Kerberos abuse, and privilege escalation. If you want to actually understand AD attacks, this is the one.
Rooted SteamCloud on HTB — kubelet API was open, grabbed a service account token from inside a pod, and used it to own the cluster. Kubernetes misconfigs hit different when you're actually inside one.
https://t.co/LITWJLrvWQ
#HackTheBox #HTB #CyberSecurity #InfoSec #PenTesting