jankesec

jankesecPentest notes, vulnerability research, and practical web security analysis.https://jankesec.com/GitHub Issue to Supply Chain Compromise: How Prompt Injection Turned AI Agents into the New CI/CD Kill Chainhttps://jankesec.com/blog/ai-agent-prompt-injection-supply-chain/https://jankesec.com/blog/ai-agent-prompt-injection-supply-chain/When a single GitHub issue can poison an AI agent, steal pipeline credentials, and publish malicious packages to production registries — all without a single binary payload.Sat, 13 Jun 2026 00:00:00 GMTWeaponizing Secure Email Gateways: When the Sandbox Clicks for the Attackerhttps://jankesec.com/blog/weaponizing-secure-email-gateways/https://jankesec.com/blog/weaponizing-secure-email-gateways/When the SEG's sandbox click triggers real actions, the defender becomes the attacker's proxy.Thu, 11 Jun 2026 00:00:00 GMTFrom Zero to Root: Automating the Logsign Pre-Auth RCE Chain in Metasploithttps://jankesec.com/blog/logsign-pre-auth-rce-metasploit/https://jankesec.com/blog/logsign-pre-auth-rce-metasploit/Chaining CVE-2024-5716 and CVE-2024-5717 into a Metasploit module for root RCE on Logsign.Wed, 10 Jun 2026 00:00:00 GMTThe Convergence: How Supply Chain Attacks Became Ransomware's Favorite Delivery Vehiclehttps://jankesec.com/blog/supply-chain-ransomware-2025/https://jankesec.com/blog/supply-chain-ransomware-2025/How modern ransomware weaponizes supply chain trust, and where to break the kill chain.Tue, 09 Jun 2026 00:00:00 GMTInside the Machine: A Technical Anatomy of the 2025 Ransomware Ecosystemhttps://jankesec.com/blog/ransomware-ecosystem-2025/https://jankesec.com/blog/ransomware-ecosystem-2025/Affiliate infrastructure, negotiation backends, and the TTPs that define modern RaaS operations.Mon, 08 Jun 2026 00:00:00 GMTMapping the Adversary: A Technical Profile of the 2025 APT Landscapehttps://jankesec.com/blog/apt-landscape-2025/https://jankesec.com/blog/apt-landscape-2025/Operational TTPs, infrastructure patterns, and detection strategies for the APT groups shaping 2025.Sun, 07 Jun 2026 00:00:00 GMTThe Evolution of Modern Ransomware: How They Became This Powerfulhttps://jankesec.com/blog/modern-ransomware-evolution/https://jankesec.com/blog/modern-ransomware-evolution/From script-kiddie lockers to billion-dollar enterprises — the technical leaps that made ransomware unstoppable.Sat, 06 Jun 2026 00:00:00 GMTThe Treasure of Finding Vulnerabilities: A Researcher's Guide to Secure Code Reviewhttps://jankesec.com/blog/secure-code-review-methodology/https://jankesec.com/blog/secure-code-review-methodology/A risk-based methodology for finding the vulnerabilities that scanners and pentests miss.Mon, 04 Aug 2025 00:00:00 GMTAnatomy of a Supply Chain Kill Chain: The xz Utils Backdoor (CVE-2024-3094)https://jankesec.com/blog/xz-utils-backdoor-technical-breakdown/https://jankesec.com/blog/xz-utils-backdoor-technical-breakdown/How build-system manipulation and IFUNC hijacking turned a compression library into an SSH implant.Mon, 09 Sep 2024 00:00:00 GMTThe Human Firewall: Why Decision Hygiene Is Your Best Security ROIhttps://jankesec.com/blog/human-firewall-decision-hygiene/https://jankesec.com/blog/human-firewall-decision-hygiene/Why security awareness must evolve from compliance theater to decision hygiene.Sat, 22 Jun 2024 00:00:00 GMTMapping the Digital Metropolis: A Practitioner's Guide to Attack Surface Managementhttps://jankesec.com/blog/attack-surface-management/https://jankesec.com/blog/attack-surface-management/Mapping the digital, human, supply chain, and physical attack surfaces with risk-based prioritization.Fri, 21 Jun 2024 00:00:00 GMT