# Shivasurya - Full Content Index

> Software security engineer who believes open-source levels the playing field.

## All Blog Posts

### CVE-2026-33186: Bypassing gRPC-Go Authorization with a Missing Slash
- Date: 2026-04-01
- URL: http://shivasurya.me/2026/04/01/cve-2026-33186-grpc-go-authorization-bypass/
- Description: CVE-2026-33186 - A path normalization flaw in grpc-go v1.79.2 and earlier allows attackers to bypass path-based authorization interceptors by omitting the leading slash.
- Categories: security, cve
- Tags: security, grpc-go, cve, authorization-bypass

### 2025 Wrapped
- Date: 2025-12-20
- URL: http://shivasurya.me/2025/12/20/2025-wrapped/
- Description: Blog post about 2025 Wrap & Reflection
- Categories: wrap, reflection
- Tags: productivity, review

### Some thoughts around Django SQL Injection CVE-2025-64459
- Date: 2025-11-07
- URL: http://shivasurya.me/2025/11/07/django-sql-injection-CVE-2025-64459/
- Description: Some thoughts around Django SQL Injection CVE-2025-64459
- Categories: security, django
- Tags: security, django, sql-injection, cve-2025-64459

### Claude Code for Security Analysis: Introducing SecureFlow CLI to Hunt Security Vulnerabilities
- Date: 2025-10-03
- URL: http://shivasurya.me/2025/10/03/introducing-secureflow-cli-to-hunt-vulnerabilities-claude-code-for-security-analysis/
- Description: AI-powered security scanning tool using agentic loops to hunt vulnerabilities - discovered 300+ issues in WordPress plugins with 12+ AI model support and DefectDojo integration.
- Categories: security, ai, sast
- Tags: security, ai, secureflow, cli, vulnerability-scanning

### Exploring fun parts of Neural Network
- Date: 2025-08-08
- URL: http://shivasurya.me/2025/08/08/neural-network/
- Description: A purely exploratory blog post with thoughts around neural networks
- Categories: neural-networks
- Tags: security

### Rethinking MCP or Tool Calling Through Permission Based System
- Date: 2025-07-19
- URL: http://shivasurya.me/2025/07/19/mcp-permission-system/
- Description: Explore a permission-based security model for MCP and Tool Calling in LLMs, inspired by Android's runtime permissions, to protect sensitive data while maintaining functionality.
- Categories: llm, ai
- Tags: mcp, security

### Static Analysis Isn't Enough: Understanding Library Interactions for Effective Data Flow Tracking
- Date: 2025-04-17
- URL: http://shivasurya.me/2025/04/17/static-analysis-isnt-enough-understanding-library-interactions-for-effective-data-flow-tracking/
- Description: Static analysis tools go blind without understanding library calls – learn why modeling them is critical for finding real security flaws.
- Categories: llm, ai
- Tags: sast, security

### Lessons from Building Sherlock: Automating Security Code Reviews with Sourcegraph
- Date: 2025-04-10
- URL: http://shivasurya.me/2025/04/10/lessons-from-building-sherlock-automating-security-code-reviews-with-sourcegraph/
- Description: Explore how Sherlock leverages Sourcegraph to automate security code reviews, enhancing productivity and ensuring robust code security.
- Categories: llm, ai
- Tags: productivity, security

### LLM-Powered Security Reviews: Insights and Challenges
- Date: 2025-03-19
- URL: http://shivasurya.me/2025/03/19/llm-powered-security-reviews/
- Description: Exploring the potential and challenges of LLM-assisted security reviews
- Categories: llm, ai
- Tags: productivity, security

### How I Use AI to Streamline/Assist My Work
- Date: 2025-01-28
- URL: http://shivasurya.me/2025/01/28/how-i-use-llm-workflows/
- Description: A short blog post on how I leverage LLMs (AI) to streamline or assist my work
- Categories: llm, ai
- Tags: productivity

### 2024 Wrapped
- Date: 2024-12-26
- URL: http://shivasurya.me/2024/12/26/2024-wrapped/
- Description: Blog post about 2024 Wrap & Reflection
- Categories: wrap, reflection
- Tags: productivity, review

### Books I read in 2024
- Date: 2024-12-19
- URL: http://shivasurya.me/2024/12/19/books-i-read-2024/
- Description: Books I read in 2024
- Categories: books, reading
- Tags: productivity

### CodeQL: Eindhoven Quantifier Notation
- Date: 2024-09-10
- URL: http://shivasurya.me/2024/09/10/codeql-eindhoven-quantifier-notation/
- Description: This blog post discusses the Eindhoven Quantifier Notation adopted by CodeQL
- Categories: security, tooling, sast
- Tags: programming, productivity

### Sherlock: Automate security code reviews with Cody AI
- Date: 2024-06-27
- URL: http://shivasurya.me/2024/06/27/automate-security-code-reviews-with-cody-ai/
- Description: This blog post discusses a semi-autonomous way to perform security code reviews
- Categories: security-reviews, sast
- Tags: programming, productivity

### Defining Boundaries & Sinks for Inter-procedural Source Sink Analysis - Part 3
- Date: 2024-03-08
- URL: http://shivasurya.me/2024/03/08/building-inter-procedural-source-sink-analysis-from-scratch-part-3/
- Description: Defining Boundaries & Sinks for Inter-procedural Source Sink Analysis - Part 3
- Categories: static-analysis, sast
- Tags: programming, productivity

### Deep dive on Android Java / Kotlin Deserialization Code Execution with Semgrep Detection
- Date: 2024-01-24
- URL: http://shivasurya.me/2024/01/24/java-deserialization-rce-android-application-layer/
- Description: Code Execution via Java & Kotlin Deserialization in Android Application
- Categories: security, android, android-security
- Tags: programming, productivity

### 2023 Wrap - Year in Review
- Date: 2023-12-27
- URL: http://shivasurya.me/2023/12/27/2023-wrap/
- Description: Blog post about 2023 Wrap & Reflection
- Categories: wrap, reflection
- Tags: productivity, review

### Building Inter-procedural Source Sink Analysis from Scratch - Part 2
- Date: 2023-09-01
- URL: http://shivasurya.me/2023/09/01/building-inter-procedural-source-sink-analysis-from-scratch-part-2/
- Description: Building Inter-procedural Source Sink Analysis from Scratch - Part 2
- Categories: static-analysis, sast
- Tags: programming, productivity

### Building A Simple Source-Sink Analysis in Java from Scratch - Part 1
- Date: 2023-08-27
- URL: http://shivasurya.me/2023/08/27/building-simple-source-sink-analysis-from-scratch-part-1/
- Description: Building a simple source sink analysis in Java from scratch.
- Categories: static-analysis, sast
- Tags: programming, productivity

### From ArcGIS to Mapbox: How Cody AI Made My Web App Shine
- Date: 2023-07-02
- URL: http://shivasurya.me/2023/07/02/sourcegraph-cody/
- Description: Discover how Cody AI, the magic AI assistant, helped me seamlessly upgrade my web app from ArcGIS to Mapbox maps, making it responsive for mobile users.
- Categories: cody, sourcegraph, ai
- Tags: programming, productivity

### Building A Simple OpenAI Powered Personal Assistant
- Date: 2023-05-19
- URL: http://shivasurya.me/2023/05/19/building-first-openai-powered-personal-assistant-app/
- Description: This blog post covers building a basic semantic search over a PDF document using the OpenAI API and Python.
- Categories: openai, embeddings, semantic-search
- Tags: openai, semantic-search

### Heap Two Writeup - Exploit Education Lab Exercise
- Date: 2023-05-06
- URL: http://shivasurya.me/2023/05/06/exploit-education-heap-two-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Heap Two exercise (heap buffer overflow and Use-After-Free (UAF) vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems, use-after-free

### Heap One Writeup - Exploit Education Lab Exercise
- Date: 2023-05-05
- URL: http://shivasurya.me/2023/05/05/exploit-education-heap-one-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Heap One exercise (heap buffer overflow vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Heap Zero Writeup - Exploit Education Lab Exercise
- Date: 2023-04-28
- URL: http://shivasurya.me/2023/04/28/exploit-education-format-heap-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Heap Zero exercise (heap buffer overflow vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Format Four Writeup - Exploit Education Lab Exercise
- Date: 2023-04-21
- URL: http://shivasurya.me/2023/04/21/exploit-education-format-four-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the format-four exercise (format string vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Format Three Writeup - Exploit Education Lab Exercise
- Date: 2023-04-14
- URL: http://shivasurya.me/2023/04/14/exploit-education-format-three-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the format-three exercise (format string vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Format Two Writeup - Exploit Education Lab Exercise
- Date: 2023-04-07
- URL: http://shivasurya.me/2023/04/07/exploit-education-format-two-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the format-two exercise (format string vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Format One Writeup - Exploit Education Lab Exercise
- Date: 2023-03-31
- URL: http://shivasurya.me/2023/03/31/exploit-education-format-one-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the format-one exercise (format string vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### CVE-2023-23397 - Zero Click Net-NTLMv2 Credential Hash Leak on Outlook Client
- Date: 2023-03-25
- URL: http://shivasurya.me/2023/03/25/CVE-2023-23397-vulnerability-deep-dive-and-poc/
- Description: A comprehensive writeup that helps you understand the zero-click Net-NTLMv2 credential hash leak on the Outlook client.
- Categories: security, cve, vulnerability
- Tags: security, cve, vulnerability, windows

### HackTheBox Active Writeup - Active Directory - OSCP Practice
- Date: 2023-03-17
- URL: http://shivasurya.me/2023/03/17/hackthebox-active-writeup-oscp-active-directory/
- Description: A comprehensive writeup on the HackTheBox Active VM, which helps you learn and practice for the OSCP Active Directory track.
- Categories: security, hackthebox, oscp-writeups, friday-gems, active-directory
- Tags: security, hackthebox, oscp

### Format Zero Writeup - Exploit Education Lab Exercise
- Date: 2023-03-10
- URL: http://shivasurya.me/2023/03/10/exploit-education-format-zero-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Format Zero exercise (format string vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Stack Six Writeup - Exploit Education Lab Exercise
- Date: 2023-02-26
- URL: http://shivasurya.me/2023/02/26/exploit-education-stack-six-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Stack Six exercise (stack overflow vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### HackTheBox Jerry Writeup - OSCP Practice
- Date: 2023-02-24
- URL: http://shivasurya.me/2023/02/24/hackthebox-jerry-writeup-oscp/
- Description: A comprehensive writeup on the HackTheBox Jerry VM, which helps you learn and practice for the OSCP.
- Categories: security, hackthebox, oscp-writeups, thursday-snack
- Tags: security, hackthebox, oscp

### HackTheBox OSCP Writeups - Shivasurya.me
- Date: 2023-02-20
- URL: http://shivasurya.me/2023/02/20/hackthebox-oscp-writeups/
- Description: An index of HackTheBox OSCP machine writeups.
- Categories: security, hackthebox, oscp-writeups
- Tags: security, hackthebox, oscp

### HackTheBox Bashed Writeup - OSCP Practice List
- Date: 2023-02-14
- URL: http://shivasurya.me/2023/02/14/hackthebox-bashed-writeup-oscp/
- Description: A comprehensive writeup on the HackTheBox Bashed VM, which helps you learn and practice for the OSCP.
- Categories: security, hackthebox, oscp-writeups, thursday-snack
- Tags: security, hackthebox, oscp

### Detecting Android WebView Vulnerable Configurations with Semgrep Rules - Part 1
- Date: 2023-02-10
- URL: http://shivasurya.me/2023/02/10/android-webview-vulnerabilities-semgrep-rules-detection/
- Description: Android WebView has multiple security configurations that may lead to security vulnerabilities. We'll take a deep dive into those WebView configs, break down the vulnerable ones, and leverage Semgrep to identify those patterns.
- Categories: security, android, android-security
- Tags: security, android

### Stack Five Writeup (Code Execution) - Exploit Education Lab Exercise
- Date: 2023-02-04
- URL: http://shivasurya.me/2023/02/04/exploit-education-stack-five-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Stack Five exercise (stack overflow vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Stack Four Writeup - Exploit Education Lab Exercise
- Date: 2023-01-28
- URL: http://shivasurya.me/2023/01/28/exploit-education-stack-four-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Stack Four exercise (stack overflow vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Stack Three Writeup - Exploit Education Lab Exercise
- Date: 2023-01-27
- URL: http://shivasurya.me/2023/01/27/exploit-education-stack-three-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Stack Three exercise (stack overflow vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Stack Two Writeup - Exploit Education Lab Exercise
- Date: 2023-01-26
- URL: http://shivasurya.me/2023/01/26/exploit-education-stack-two-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Stack Two exercise (stack overflow vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Stack One Writeup - Exploit Education Lab Exercise
- Date: 2023-01-20
- URL: http://shivasurya.me/2023/01/20/exploit-education-stack-one-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Stack One exercise (stack overflow vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Stack Zero Writeup - Exploit Education Lab Exercise
- Date: 2023-01-12
- URL: http://shivasurya.me/2023/01/12/exploit-education-stack-zero-exercise-writeup/
- Description: A comprehensive writeup that helps you understand the Stack Zero exercise (stack overflow vulnerability), with learning resources.
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Exploit Education Lab Setup - Windows & MacOS
- Date: 2023-01-06
- URL: http://shivasurya.me/2023/01/06/exploit-education-lab-setup/
- Description: Basic exploit.education lab setup for memory-corruption security bugs
- Categories: security, binary-exploit, reverse-engineering, friday-gems
- Tags: security, binary-exploitation, friday-gems

### Binary Search and Hidden Overflow 🪲
- Date: 2022-12-04
- URL: http://shivasurya.me/2022/12/04/binary-search-overflow/
- Description: An interesting post on integer overflow while performing a basic binary search
- Categories: security, programming, overflow
- Tags: security, programming

### Detecting Android Content Provider APIs with Semgrep Rules
- Date: 2022-11-28
- URL: http://shivasurya.me/2022/11/28/android-content-provider-semgrep-detection/
- Description: Content provider APIs are a powerful way to expose data to internal or external apps within the Android ecosystem. However, there are many ways these APIs get implemented with flaws that lead to serious data leakage and even remote code execution.
- Categories: security, android, android-security
- Tags: security, android

### Cross-Site Scripting attack on Leetcode
- Date: 2020-12-07
- URL: http://shivasurya.me/2020/12/07/leetcode-xss/
- Description: DOM Cross-Site Scripting attack on leetcode.com.
- Categories: security, server, client-security
- Tags: security, waf, xss

### Securing an ExpressJS server - Part 1
- Date: 2020-11-05
- URL: http://shivasurya.me/2020/11/05/securing-express-server-part-1/
- Description: Strategies for securing an ExpressJS server.
- Categories: security, server, nodejs
- Tags: security, waf