Archives

A practical guide to building an MCP server that enables AI assistants to orchestrate offensive security tools for penetration testing, with proper safety guardrails

Learn how to create LangChain tools from scratch and build a simple SOAR (Security Orchestration, Automation and Response) agent. This hands-on tutorial covers the fundamentals of tool development and agent creation for security automation.

A step-by-step walkthrough of building a basic RAG system with LangChain v1+ to query compliance regulations. This is an unoptimized POC for learning purposes, not production-ready.

Transitioning from exploratory notebooks to reliable, repeatable anomaly detection pipelines using Dagster and lightweight MLflow-based model management.

How to Compare Anomaly Detection Models Without Labels

A comprehensive theoretical guide on agent architectures and patterns used professionally in AI projects. From simple workflows to hierarchical multi-agent systems, with real-world use cases for each pattern.

Learning Normal Authentication Behavior with Autoencoders

From Windows Event Logs to Behavioral Features: Preparing Elasticsearch Data for Anomaly Detection

A comprehensive TypeScript guide for Python developers. Learn the fundamentals by comparing Python and TypeScript code, focused on offensive security tool development and MCP servers.

An in-depth exploration of Model Context Protocol (MCP), the open standard revolutionizing how AI systems interact with external data sources and tools

Container escapes, docker.sock exploitation, K8s privilege escalation and misconfigurations for HTB, CTFs and cloud pentests

SSRF, Request Smuggling, Prototype Pollution, WAF bypass, OAuth, SAML, advanced logic flaws and internal pivoting

SQLi, RCE, LFI/RFI, File Uploads, Deserialization, SSTI, Auth bypass and manual exploitation for HTB, CTFs and real-world pentests

Fast techniques, tools, and commands for HTB, CTFs and OSCP-like environments

Fast techniques, tools, and commands for HTB, CTFs and OSCP-like environments

Fast SMB, RPC and Windows service enumeration for HTB, CTFs and real-world AD pentests

Discovery, fingerprinting, content discovery, parameter fuzzing, virtual hosts and technology mapping for HTB, CTFs and real-world pentests

ACL abuses, delegations, AD CS, RBCD, Shadow Credentials, and domain privilege escalation paths

Deep dive into adversarial attacks against ML models: evasion, poisoning, and extraction. Exploring defenses, red teaming strategies, and the MITRE ATLAS framework for securing AI systems.

Fast enumeration, common attack paths, and practical commands for HTB, CTFs and OSCP-like environments

Advanced workflows, payload tricks, bypass techniques and hidden features for HTB, CTFs and real-world web exploitation

Fast techniques, tools and workflows for social, metadata, geolocation, infrastructure and digital footprint CTF challenges

A comprehensive exploration of vector embeddings, from word2vec to modern transformers, and how they enable semantic search in production systems

A deep dive into the architecture, mechanisms, and evolution of Large Language Models, from the Transformer breakthrough to modern GPT systems

Quick notes for HTB, CTFs, tunneling, data exfiltration and exposing internal services

Bruteforce, credential harvesting, hash cracking, spraying and password reuse attacks for HTB, CTFs and real-world pentests

Quick shells for HTB/CTFs: reverse shells, bind shells, web shells, upgrades and fallback techniques