Pinned | @ro0taddict | Understanding LLM08: Excessive Agency in LLM Apps | Nov 7
As LLMs become increasingly integrated into web apps, they are often equipped with a degree of “agency”: the ability to take certain…

Pinned | @ro0taddict | Cloud Pentesting: Azure (Common test cases in an Azure pentest engagement) | Oct 19
I always try to follow a general methodology when doing an Azure cloud pentest, or any type of pentest for that matter.

@ro0taddict | AWS Pentesting: IAM Privilege Escalation via Rollback Policy | 4d ago
When conducting AWS penetration tests, one of the key privilege escalation paths I always check for is the ability to manipulate IAM policy…

@ro0taddict | AWS Pentesting: Identify the AWS Account ID from a Public S3 Bucket | Nov 11
This blog is the first in a series on AWS pentesting blogs, where I’ll use the Pwnlabs platform for hands-on labs to support continuous…

@ro0taddict | Intro to Attack Surface Management (ASM) | Apr 10
It’s been a while since I’ve handled an ASM tool, and since I still have access to a trial account of an ASM tool, why not write a blog about…

@ro0taddict | AI/LLM-integrated Apps Penetration Testing | Feb 11
This is a beginner’s attempt to create a comprehensive collection of methodologies, learning materials, and other resources that are…

@ro0taddict | CVE-2023-38960: Insecure Permission vulnerability in RaidenFTPD v2.4 build 4005 (2016/04/01) | Feb 10
Vendor Affected:

@ro0taddict | CVE-2023-37611: Stored XSS in Neos CMS 8.3.3 | Aug 21, 2023
I found a Stored XSS using an SVG file in /neos/management/media of Neos CMS 8.3.3. CVE-2023-37611 has been issued by MITRE for this…