A spoiler-free reflection on clearing Cybernetics, a large multi-domain enterprise AD lab. Not the exploit chains, but the two things that actually got me to the end: the persistence to keep returning to the same problem for the better part of a year, and the habit of building and adapting my own operator tooling to fit the lab instead of forcing the lab to fit off-the-shelf tools.
An open-source AWS training range for learning agentic AI security. Deploy a realistic AI agent, toggle six misconfigurations via Terraform, and run five attack scenarios covering prompt injection, RAG poisoning, data exfiltration, and a full kill chain.
Part 3 of building agent-inject: manual validation of every attack scenario. The biggest challenge was not breaking things. It was building a working product and securing it while making insecure scenarios realistically demonstrate impact.
After nearly a year of pentesting Salesforce orgs, I built aura-privesc: an open-source scanner that automates Aura/Lightning privilege escalation discovery. It finds exposed objects, tests CRUD permissions, probes Apex controllers, and generates interactive HTML reports with ready-to-use proof-of-concept commands.
Part 2 of building agent-inject: automated testing against a live Bedrock agent. 41 tests across 6 scenarios revealed that the gap between expected and actual agent behaviour is where the real lessons are.