https://purplesec.org/ Offensive and defensive cybersecurity writeups, vulnerability research, and security blog by Bilash J. Shahi. Tue, 16 Jun 2026 10:34:38 -0000 en-us PurpleSec Custom RSS elodvk@proton.me (Bilash J. Shahi) https://purplesec.org/blog/badsuccessor-cve-2025-53779/ The definitive technical analysis of BadSuccessor (CVE-2025-53779). Covers the full history of dMSA, Akamai's discovery, Kerberos PAC mechanics, Microsoft's controversial response, public PoC tools, the Ouroboros persistence technique, SIEM detection rules, and enterprise mitigations. Mon, 15 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/badsuccessor-cve-2025-53779/ elodvk@proton.me (Bilash J. Shahi) Active Directory CVE-2025-53779 BadSuccessor Windows Server 2025 Privilege Escalation https://purplesec.org/blog/anthropic-fable-mythos-export-control/ A deep dive into the recent U.S. government export control directive targeting Anthropic's Fable 5 and Mythos 5 models, the global shutdown, and the jailbreak controversy. Sat, 13 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/anthropic-fable-mythos-export-control/ elodvk@proton.me (Bilash J. Shahi) AI Export Control Anthropic Cybersecurity Policy https://purplesec.org/blog/quantum-computing-and-pki/ A comprehensive deep dive into how quantum computing threatens to dismantle Public Key Infrastructure (PKI), the backbone of internet security. Covers Shor's and Grover's algorithms, the Harvest Now Decrypt Later threat, NIST's post-quantum standards (ML-KEM, ML-DSA, SLH-DSA), real-world hybrid TLS deployments by Google and Cloudflare, Quantum Key Distribution vs PQC, cryptographic agility, and a practical enterprise migration checklist. Fri, 12 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/quantum-computing-and-pki/ elodvk@proton.me (Bilash J. Shahi) Quantum Computing PKI Post-Quantum Cryptography Cryptography TLS https://purplesec.org/blog/june-2026-patch-tuesday/ A deep-dive into June 2026 Patch Tuesday — the largest in Microsoft history, patching 206 CVEs including 3 zero-days, a wormable Windows Kernel RCE (CVSS 9.8), an actively exploited Defender EoP, and two separate BitLocker bypasses (YellowKey & Bitskrieg). Thu, 11 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/june-2026-patch-tuesday/ elodvk@proton.me (Bilash J. Shahi) Patch Tuesday Microsoft CVE Windows BitLocker https://purplesec.org/blog/npm-supply-chain-security/ A deep dive into the npm v12 security overhaul arriving July 2026, the supply chain attacks that forced it, and a practical guide to preparing your projects — covering lifecycle script lockdown, Trusted Publishing, provenance attestations, and lessons from event-stream, colors.js, Shai-Hulud, and the chalk/debug compromise. Thu, 11 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/npm-supply-chain-security/ elodvk@proton.me (Bilash J. Shahi) npm GitHub Supply Chain Security Software Security DevSecOps https://purplesec.org/blog/nvidia-rtx-dgx-spark/ An in-depth look at NVIDIA RTX Spark and DGX Spark — the new personal AI supercomputers powered by Grace Blackwell silicon. From the 128GB unified memory architecture to running 200B-parameter models locally, we explore what these machines mean for developers, researchers, and the local LLM community. Thu, 11 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/nvidia-rtx-dgx-spark/ elodvk@proton.me (Bilash J. Shahi) NVIDIA AI LLM DGX Spark RTX Spark https://purplesec.org/blog/when_ai_messes_up/ A deep dive into three major incidents where artificial intelligence systems failed spectacularly, resulting in financial loss, legal liability, and public relations nightmares. Wed, 10 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/when_ai_messes_up/ elodvk@proton.me (Bilash J. Shahi) AI Machine Learning Case Studies Incident Response Cybersecurity https://purplesec.org/blog/nightmare_eclipse_zero_days/ The definitive case study on the Nightmare Eclipse zero-day campaign against Microsoft. Covers all 8+ exploits (YellowKey, BlueHammer, RedSun, UnDefend, RoguePlanet, GreatXML), the researcher's identity and motivations, CVE details, patch status, CISA KEV entries, detection strategies, and the broader vulnerability disclosure debate. Wed, 10 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/nightmare_eclipse_zero_days/ elodvk@proton.me (Bilash J. Shahi) Zero-Day Microsoft Vulnerability Disclosure Nightmare Eclipse Case Study https://purplesec.org/blog/CVE-2026-45585_YellowKey_DeepDive/ A comprehensive technical deep dive into CVE-2026-45585 (YellowKey), a critical physical access vulnerability that completely bypasses Microsoft BitLocker encryption. Tue, 09 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/CVE-2026-45585_YellowKey_DeepDive/ elodvk@proton.me (Bilash J. Shahi) CVE-2026-45585 BitLocker YellowKey Windows Physical Security https://purplesec.org/blog/Meta_AI_Support_Hack_Blog/ A deep dive into the 2026 Meta AI support hack, exploring how attackers socially engineered an AI chatbot to bypass IAM and reset Instagram passwords. Tue, 09 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/Meta_AI_Support_Hack_Blog/ elodvk@proton.me (Bilash J. Shahi) Meta AI Security Social Engineering https://purplesec.org/blog/comprehensive_ai_guide/ A comprehensive guide to modern AI, explaining core concepts like LLMs, RAG, embeddings, local deployment, and practical cybersecurity risks. Tue, 09 Jun 2026 00:00:00 -0000 https://purplesec.org/blog/comprehensive_ai_guide/ elodvk@proton.me (Bilash J. Shahi) AI Machine Learning Large Language Models RAG Local AI https://purplesec.org/blog/pnpt-review/ A candid review of the Practical Network Penetration Tester (PNPT) exam, featuring tips, lessons learned, and active directory exploitation strategies. Wed, 22 Oct 2025 00:00:00 -0000 https://purplesec.org/blog/pnpt-review/ elodvk@proton.me (Bilash J. Shahi) TCM Security PNPT Practical Network Penetration Tester Active Directory