Pedro Mora
IAM Architect exploring the intersection of identity, AI security, and personal intelligence systems.
I build and document practical systems around IAM, Okta, PAM, agentic AI, security labs, and disciplined personal execution.
IAM Architecture
Identity systems, Okta, PAM, and real-world architecture patterns.
AI Security
Agentic AI, LLM risk, and secure adoption of AI systems.
Labs & Writeups
HTB, threat models, practical security learning, and technical notes.
Personal Systems
Personal AI Infrastructure (NOESIS), Obsidian, BJJ, kettlebells, Bonsai, Philosophy, and execution.
I occasionally collaborate on IAM, Okta, PAM, and AI security.
Featured
- Okta Certified Professional — Lab: Users, Groups, and App Assignment
  Hands-on lab notes from Okta Professional cert prep: build the baseline directory — users, groups, custom profile attributes, group rules — then wire up a Bookmark app and a SAML 2.0 integration.
- HTB Redeemer — Reading an Agent's Memory
  HackTheBox Redeemer exploits unauthenticated Redis to enumerate and extract stored keys. In agentic AI systems, an open Redis instance doesn't just leak cached data — it exposes the agent's working memory, and with write access, lets an attacker inject false context the agent will act on.
Recent Posts
- Okta Certified Professional — Lab: Okta-to-Okta Inbound SAML Federation
  Hands-on lab notes from Okta Professional cert prep: build inbound SAML federation between two Okta orgs — one acting as IdP, the other as the inbound SP — with JIT provisioning and end-to-end System Log validation.
- HTB Responder — LFI to NTLM Hash Capture
  HackTheBox Responder exploits an LFI vulnerability to force the Windows server to authenticate to a rogue SMB server, capturing and cracking the administrator's NetNTLMv2 hash. The same pattern — user-controlled input redirecting an authenticated outbound connection — shows up in LLM agents leaking API tokens via prompt injection.
- HTB Crocodile — The Credential Chain
  HackTheBox Crocodile chains anonymous FTP credential disclosure into a hidden web admin login. The same structural failure shows up in agentic systems when leaked API keys legitimately authenticate into production tool-use endpoints.
- HTB Sequel — Blank Root on MariaDB
  HackTheBox Sequel exploits a MariaDB instance bound to the public interface with a blank-password root account. It is the same structural failure as agentic systems wired with admin-level API tokens that any caller can trigger.
- Okta Certified Professional — Lab: Admin Roles and Delegated Administration
  Hands-on lab notes from Okta Professional cert prep: assign a delegated admin role to a user, then move the role to a group so any member inherits limited admin rights — the realistic IAM pattern.
- Okta Certified Professional — Lab: User Lifecycle States (Suspend, Password Reset, Deactivate)
  Hands-on lab notes from Okta Professional cert prep: walk a user through Active → Suspended → Password Reset → Deactivated, observe authentication behavior at each step, and verify lifecycle events in the System Log.