Securing AI systems without overconfidence or fear โ€“ Part 1: Why the pentesting playbook doesn’t fit: belief, assumptions, and non-determinism

This is the first of five posts on testing AI systems securely. If you've shipped or evaluated AI in production, you've probably felt it: the test suite passes, coverage looks good, and something still nags. *What are we actually validating?* That gap is what this series addresses.

Rootless Containers with Podman

In modern digital infrastructure, containerization has become one of the most significant technologies, offering automation, portability, and resilience of services across cloud and on-premises environments. Containers can simplify backup processes and enhance upgrade safety while significantly reducing recovery times following system incidents or failed updates.This article provides an overview of the container technology and focuses … Continue reading Rootless Containers with Podman

OWASP Top 10 2025 – A Pentester’s Perspective

Every three to four years, OWASP releases a new version of arguably its most famous project, the โ€œOWASP Top Tenโ€. Originally started in 2003, this list serves as an awareness document to highlight the 10 most prevalent issues for web applications. The newest release marks the eighth iteration and has once again undergone a few … Continue reading OWASP Top 10 2025 – A Pentester’s Perspective

Patching Android ARM64 library initializers for easy Frida instrumentation and debugging

Intro During both mobile security and mobile resiliency assessments, you often end up instrumenting the application to analyze its internals. By using either Frida or a classical debugger, we can gain valuable insight into the data flows and also modify some data on the fly to make the application behave the way we want it … Continue reading Patching Android ARM64 library initializers for easy Frida instrumentation and debugging

Stop Hardcoding Passwords

A Deep Dive into CyberArkโ€™s Central CredentialProvider (CCP) Introduction Hardcoded credentials are still among the most critical and overlooked security flaws in modern software development. From leaked Git repos to reverse-engineered binaries, static passwords are easy targets. They also make rotation and access control almost impossible. Enter CyberArkโ€™s Central Credential Provider (CCP): a secure, centralized … Continue reading Stop Hardcoding Passwords