AI Hacking 101
HackTheBox Meetup #34
Attacking AI/LLM-powered apps — prompt injection (direct and indirect), system-prompt leakage, tool/exfil abuse, and the mindset for finding these bugs.
Slides, hands-on labs and recordings from talks and workshops I’ve given. Grab whatever’s useful.
Attacking AI/LLM-powered apps — prompt injection (direct and indirect), system-prompt leakage, tool/exfil abuse, and the mindset for finding these bugs.
Attacking the browser side of web apps — DOM XSS, postMessage abuse, and other client-side primitives, with a hands-on lab.
Techniques for turning a 403 Forbidden into a 200 OK — path confusion, header tricks, and method games, with a practice lab.
An intro to web application hacking — the core bug classes and the mindset to start finding them.