Matryoshka (TryHackMe)
Matryoshka is a Docker container escape challenge that lives up to its name — like Russian nesting dolls, each layer you break out of reveals another one waiting beneath it. Starting from a restricted
May 12, 202610 min read3
Command Palette
Search for a command to run...
Latest articles
AI Threat Modelling (TryHackMe)
Introduction Artificial intelligence isn't something organisations are still waiting on; it's already embedded in enterprise operations. Language models handle customer support tickets. Recommendation
May 9, 202633 min read10
Sensitive Information Disclosure (TryHackMe)
Introduction Large Language Models generate responses based on patterns learned during training and on data retrieved at runtime. Unlike traditional databases, they do not enforce strict row-level acc
May 9, 202638 min read15
Understanding AI Supply Chains (TryHackMe)
TryHackMe Room: Understanding AI Supply Chains Introduction Every time you use Claude, ChatGPT, GitHub Copilot, or any AI-powered product, you are trusting a model trained somewhere, on some data, by
May 9, 202621 min read1
Jailbreaking (TryHackm)
Jailbreaking and prompt injection are not the same thing, though they are treated as interchangeable so often that the distinction has almost been lost. This room draws a clear line: prompt injection
May 9, 202629 min read7
RAG Security Fundamentals (TryHackMe)
Introduction Retrieval-Augmented Generation (RAG) allows language models to use external documents when answering questions. Instead of relying solely on training data, a RAG system retrieves relevant
May 9, 202613 min read8
Prompt Injection (TryHackMe)
Introduction Before I started this room, I thought I understood prompt injection. I had seen the term everywhere in research papers, OWASP Top 10 lists, LinkedIn posts from people who had never touche
May 9, 202630 min read3
Checkpoint (TryHackMe)
Introduction Four candidates. One gate. The checklist does not care about reputation. That is the premise of SupplySecLab's evaluation cycle, a sandboxed environment where every model must pass a full
May 9, 202617 min read6
Payload (TryHackMe)
Introduction The SOC alert arrived at 03:14. No deployments were scheduled. No changes were logged. That single line sets the tone for one of the most quietly dangerous attack scenarios in modern AI i
May 9, 20266 min read4