Gl1tch | Risk - Articles

 Scenario Overview: A corporate network restricts inbound connections  but allows outbound traffic  (e.g., HTTP, HTTPS). We need to access an internal RDP (3389)  server behind the firewall from an external attacker-controlled machine. Constraints: Firewall blocks inbound RDP, SSH, and VPN. Only outbound HTTP/HTTPS is allowed. Direct reverse shells are detected. Sneaking in without getting caught, when it’s not allowed: Chisel (TCP/HTTP Tunneling) Chisel creates an encrypted tunnel  over allowed protocols (HTTP/WebSockets), bypassing firewall restrictions. Step-by-Step Exploitation 1. Setup the Chisel Server (Attacker Machine) On the attacker machine (public IP: 10.10.10.10), start the Chisel server in reverse mode (to allow victim-initiated connections): Listens on port 8080 (HTTP-friendly to evade detection). --reverse ensures ports are opened on the server (attacker) rather than the client (victim). 2. Victim Machine (Internal Network) Connects Back On the...

Artificial Intelligence and Machine Learning (AI/ML) models are rapidly becoming the bedrock of modern business operations, I had opportunity to do security assignments with AI features in different companies and I I also made lots of research and investigation, and chance to do tinkering on computer and ML models, to find more and more ways to hack these models. The whole AI thing is actually simply relying on DATA. The way it works with data is heavily relying on mathematical concepts where Prediction, Probability, discrete math, calculus, etc. But we don’t need any of these. What we want is DATA. Before hacking anything, you should first learn how it works. AI models reliance on DATA for it’s core functionality makes it vulnerable to a subtle, and devastating attack vector: data poisoning . There are other attack vectors as well, but I want to focus on DATA POISONING Technique in this text, since it’s one of the biggest attack vectors and it’s also the most difficult to secure compl...

  Bad controls can increase the attack surface significantly, compared to not having controls at all. A minimal physical barrier might offer a sliver of deterrence, poorly implemented security controls can significantly increase the attack surface compared to having no controls at all. This is because flawed controls can introduce new vulnerabilities and provide a false sense of security, making systems more susceptible to exploitation. Poorly implemented authentication might introduce bypass vulnerabilities, effectively opening up access points that wouldn't exist without it. A flawed encryption mechanism could provide a false sense of data protection while actually being easily broken, making sensitive information more readily available to attackers than if it were unencrypted but its vulnerability was known. I've seen companies that implemented an encryption mechanism, believing they had addressed security. The critical oversight was that their chosen encryption method was ...