cybercamp · 1 min read
Extracting hidden data in base64 from a video file and cracking encrypted PGP files using John the Ripper in challenge 2 of CyberCamp 2018.
· Manuel López Pérez · cybercamp
CyberCamp 2018 Online – 1. Toxinas aéreas (Forense)
news · 13 min
The Digital Omnibus reaches a provisional deal on 7 May: Annex III moves to December 2027. Spain approves its AI governance bill on 26 May. Pwn2Own Berlin pays out $1.3M for 47 zero-days, with Codex and Claude Code on the menu. Patch Tuesday ships with no zero-days for the first time since June 2024. OpenAI launches Daybreak and Anthropic moves Mythos toward GA. Verizon DBIR 2026 crowns vulnerability exploitation as the number-one vector. GitHub loses 3,800 internal repos to a poisoned VS Code extension.
· Manuel López Pérez
ai-security · 13 min
Three years of red team with LLMs. PentestGPT (Aalto/NTU paper, Aug 2023, USENIX 2024) opens the academic category; HackerGPT and WhiteRabbitNeo build the commercial side; XBOW (July 2025) reaches #1 globally on HackerOne with 1,060 reported vulns. Reproducible PoC with PentestGPT v2 against HackTheBox.
· Manuel López Pérez
ai-security · 17 min
Pickle as a broken legacy format, inference servers as a new HTTP attack surface, AI gateways as a pivot into the infra, and ML frameworks running with research-project security. The 2024–2026 arc with the Wiz / Oligo / JFrog / Orca / Datadog milestones and the PoCs they left behind.
· Manuel López Pérez
