https://blog.devploit.dev/Real-world infosec, no hype. 2026-04-04T01:20:04+00:00 Daniel Púa https://blog.devploit.dev/ Jekyll © 2026 Daniel Púa /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2025-04-14T00:00:00+00:00 2025-04-14T06:24:11+00:00 https://blog.devploit.dev/posts/defcon-quals-2025-memorybank/ Daniel Púa

Introduction As a web hacking enthusiast, I typically focus on web-based CTF challenges. However, due to the lack of such challenges in DEFCON Quals 2025, I decided to tackle the Memory Bank challenge, which, though not strictly web-based, shared some similarities in nature. In this white-box CTF challenge, we had full access to the application code, allowing us to understand and exploit the ...

2024-07-03T00:00:00+00:00 2024-07-04T07:13:29+00:00 https://blog.devploit.dev/posts/cracking-gandalf-conquering-the-lakera-ai-security-challenge/ Daniel Púa

Gandalf by Lakera is an engaging and educational online challenge designed to test and improve your skills in manipulating large language models (LLMs). Named after the wise wizard from “The Lord of the Rings”, this game involves progressively difficult levels where you must use clever prompts to make the AI reveal a secret password. The challenge is not just a fun exercise; it also serves to ...

2024-06-25T00:00:00+00:00 2024-06-25T20:27:01+00:00 https://blog.devploit.dev/posts/hacking-the-mind-of-ai-pentesting-large-language-models/ Daniel Púa

Pentesting Large Language Models (LLMs) is crucial to ensure they operate securely and do not expose vulnerabilities that can be exploited by attackers. Based on OWASP’s Top 10 vulnerabilities for LLM applications, this post details each vulnerability, examples of exploitation, and mitigation measures. What is an LLM? Large Language Models (LLMs) are AI algorithms designed to understand and...