Shivasurya
Posts
2026
CVE-2026-33186: Bypassing gRPC-Go Authorization with a Missing Slash
Apr 1
2025
2025 Wrapped
Dec 20
Some thoughts around Django SQL Injection CVE-2025-64459
Nov 7
Claude Code for Security Analysis: Introducing SecureFlow CLI to Hunt Security Vulnerabilities
Oct 3
Exploring fun parts of Neural Network
Aug 8
Rethinking MCP or Tool Calling Through Permission Based System
Jul 19
Static Analysis Isn't Enough: Understanding Library Interactions for Effective Data Flow Tracking
Apr 17
Lessons from Building Sherlock: Automating Security Code Reviews with Sourcegraph
Apr 10
LLM-Powered Security Reviews: Insights and Challenges
Mar 19
How I Use AI to Streamline/Assist My Work
Jan 28
2024
2024 Wrapped
Dec 26
Books I read in 2024
Dec 19
CodeQL: Eindhoven Quantifier Notation
Sep 10
Sherlock: Automate security code reviews with Cody AI
Jun 27
Defining Boundaries & Sinks for Inter-procedural Source Sink Analysis - Part 3
Mar 8
Deep dive on Android Java / Kotlin Deserialization Code Execution with Semgrep Detection
Jan 24
2023
2023 Wrap - Year in Review
Dec 27
Building Inter-procedural Source Sink Analysis from Scratch - Part 2
Sep 1
Building A Simple Source-Sink Analysis in Java from Scratch - Part 1
Aug 27
From ArcGIS to Mapbox: How Cody AI Made My Web App Shine
Jul 2
Building A Simple OpenAI Powered Personal Assistant
May 19
Heap Two Writeup - Exploit Education Lab Exercise
May 6
Heap One Writeup - Exploit Education Lab Exercise
May 5
Heap Zero Writeup - Exploit Education Lab Exercise
Apr 28
Format Four Writeup - Exploit Education Lab Exercise
Apr 21
Format Three Writeup - Exploit Education Lab Exercise
Apr 14
Format Two Writeup - Exploit Education Lab Exercise
Apr 7
Format One Writeup - Exploit Education Lab Exercise
Mar 31
CVE-2023-23397 - Zero Click Net-NTLMv2 Credential Hash Leak on Outlook Client
Mar 25
HackTheBox Active Writeup - Active Directory - OSCP Practice
Mar 17
Format Zero Writeup - Exploit Education Lab Exercise
Mar 10
Stack Six Writeup - Exploit Education Lab Exercise
Feb 26
HackTheBox Jerry Writeup - OSCP Practice
Feb 24
HackTheBox OSCP Writeups - Shivasurya.me
Feb 20
HackTheBox Bashed Writeup - OSCP Practice List
Feb 14
Detecting Android WebView Vulnerable Configurations with Semgrep Rules - Part 1
Feb 10
Stack Five Writeup (Code Execution) - Exploit Education Lab Exercise
Feb 4
Stack Four Writeup - Exploit Education Lab Exercise
Jan 28
Stack Three Writeup - Exploit Education Lab Exercise
Jan 27
Stack Two Writeup - Exploit Education Lab Exercise
Jan 26
Stack One Writeup - Exploit Education Lab Exercise
Jan 20
Stack Zero Writeup - Exploit Education Lab Exercise
Jan 12
Exploit Education Lab Setup - Windows & MacOS
Jan 6
2022
Binary Search and Hidden Overflow 🪲
Dec 4
Detecting Android Content Provider APIs with Semgrep Rules
Nov 28
2020
Cross-Site Scripting attack on Leetcode
Dec 7
Securing an ExpressJS server - Part 1
Nov 5