As AI agents move from demos to production, a new attack surface has emerged that most security teams haven't thought about: the moment an agent fetches a URL. Traditional security tools protect humans browsing the web (URL filtering) or inspect what goes into and out of an LLM (prompt firewalls). But neither covers what happens when an agent autonomously fetches a webpage, reads it, and acts on the content. This is the URL fetch boundary — and it's largely unprotected today.

Read More

Some interesting spam emails that I have received.

Read More

Decoder-improved is an open source data transformation extension for BurpSuite that better serves the varying and expanding needs of information security professionals. It includes all of BurpSuite built-in decoder's functionalities while adding more useful features. Additionally, the plugin's functionality is straightforward to extend to accommodate any custom data encoding and decoding needs.

Read More

IntroduceThis is the walkthrough of all Natas CTF challenges from 1 to 34. (34 is still a placeholder as of 07/05/2019). Natas is a web application CTF game hosted by OverTheWire. Entrypoint: http://natas0.natas.labs.overthewire.org (login with natas0:natas0) SPOLIER ALERT!

Read More

Docker for Windows runs in a virtual machine and therefore it needs a little bit more settings to expose the ports of the docker.

Read More

Detect and convert encoding to UTF-8 in PHP.

Read More

This post shows the way to configure and deploy a JavaWeb Maven project on a remote Tomcat server.

Read More

A simple demonstration of cookie tossing.

Read More