Posts
All the articles I've posted.
-
Okta Certified Professional — Lab 2: Global Session Policy
Hands-on lab notes from Okta Professional cert prep: configure a Global Session Policy to enforce MFA at the Okta session layer for a specific group, and understand how it differs from enrollment and app authentication policies.
-
Okta Certified Professional — Lab 1: Authenticator Enrollment Policy
Hands-on lab notes from Okta Professional cert prep: configure an authenticator enrollment policy to require MFA enrollment for a specific group, then validate the behavior via the system log.
-
Okta Certified Professional — Lab: Users, Groups, and App Assignment
Hands-on lab notes from Okta Professional cert prep: build the baseline directory — users, groups, custom profile attributes, group rules — then wire up a Bookmark app and a SAML 2.0 integration.
-
HTB Appointment — SQL Injection Skips the Lock
HackTheBox Appointment exploits a login form that concatenates user input directly into a SQL query. One comment character silences the password check entirely — the same structural failure that makes LLM agents vulnerable to prompt injection.
-
HTB Preignition — Finding the Door They Forgot
HackTheBox Preignition combines directory enumeration with default credentials to compromise an nginx web server. The same attack pattern — find the management interface, try the default key — is how AI agent tool endpoints get compromised in practice.
-
HTB Dancing — When the File Share Has No Lock
HackTheBox Dancing exploits unauthenticated SMB share access on a Windows host. The failure — a storage layer with no credential gate — is structurally identical to the unprotected vector databases and RAG retrieval endpoints showing up in production AI deployments.
-
HTB Redeemer — Reading an Agent's Memory
HackTheBox Redeemer exploits unauthenticated Redis to enumerate and extract stored keys. In agentic AI systems, an open Redis instance doesn't just leak cached data — it exposes the agent's working memory, and with write access, lets an attacker inject false context the agent will act on.
-
HTB Fawn — The FTP Door Left Open
HackTheBox Fawn exploits anonymous FTP login on vsftpd 3.0.3. The same pattern — a data store designed for openness that was never locked down — maps directly to unauthenticated vector databases in production AI deployments.