Designing identity systems that keep pace with AI-driven development Thesis: Identity systems designed for human-paced development are failing in AI-accelerated environments. To secure modern infrastructure, identity must be default-closed, zero-friction, and automation-driven. The Snap: Why Identity is Breaking We have entered an era where engineers can "vibe code" production-grade tools
Cache was a medium rated Linux box where enumerating a website found some hard-coded creds and a vhost that contained an Electronic Medical Records application. This EMR app had some SQL injection vulnerabilities that allowed a password hash to be dumped and cracked, gaining access to the EMR app. A
Admirer was an easy rated Linux machine that had a lot more steps than I expected, given the rating. A robots.txt file hinted at the presence of credentials which were found with forced browsing. One of these creds worked on the FTP service, allowing us to download a backup
Quick was a hard rated Linux box and man, did it earn that rating. A website was accessed via the QUIC protocol and a password was retrieved. A list of potential usernames was compiled from the 'normal' website and used to spray the password and get past a login page.
Magic was a medium rated Linux box that required you to find a hidden upload function then bypass its upload restrictions to execute code and catch a shell as www-data. From here, creds for mysql were stored in plaintext, allowing you to dump the database and get more creds for