Blogs on ~Vigneshwar Sundararajan

The Middleman Pipeline

Mon, 08 Jun 2026 00:00:00 +0000

TL;DR: We can protect our private data when using cloud AI by hiding it among highly realistic “fake” data. To keep this fast and cheap, a central “middleman” server groups similar user requests together into one single batch before sending them to the AI.

I spend a lot of time thinking about the gap between artificial intelligence and security. We all want to use powerful cloud AI models to fix our code, summarize medical records, or analyze financial data. The problem is that sending this private data to an external server is a huge privacy risk.

Catching Phishing Sites with AI Teamwork

Wed, 17 Dec 2025 00:00:00 +0000

TL;DR: Single AI models often make mistakes when trying to spot phishing websites. A better approach is using a "multi-agent debate" system. By creating a team of specialized AI agents that debate the evidence together, we can drastically reduce errors and catch complex phishing attacks early. I built a tool called Cross-Check using Google’s Agent Development Kit to bring this concept to life.

As a security researcher, I spend a lot of time looking at how cyber attacks are evolving. Phishing is getting much smarter. Attackers are using AI to create flawless fake websites, so naturally, we want to use AI to defend against them. But there is a problem.

Stop Googling Exploits: Try Mini RAGs

Fri, 19 Sep 2025 00:00:00 +0000

TL;DR: I built Kestrel, a simple command-line tool using RAG and ChromaDB, but the real goal is much bigger. This project highlights the power of mini, lightweight RAGs. Imagine a future where we do not need to read man pages or memorize complex filters—we just send one prompt and get our freedom back.

The Annoying Problem

When you are deep into cybersecurity research or testing, finding the right exploit or command can be frustrating. You spot a vulnerability, but then you have to stop what you are doing. You open Exploit-DB, run slow and complex search filters in Metasploit, or read through massive man pages just to find the right flag.

TryHackMe Writeup — Brains

Mon, 19 May 2025 00:00:00 +0000

Room Link: https://tryhackme.com/room/brains

1. Red: Exploit the Server!

The city forgot to close its gate. Welcome to the Brains challenge, part of TryHackMe’s Hackathon! All brains gathered to build an engineering marvel; however, it seems strangers had found away to get in.

As the Ping output shows, the TTL (Time to Live) value was 63. This is a strong indicator that the target machine was running a Linux distribution. With this information in hand, I proceeded to port scanning using nmap to discover open services.

TryHackMe Writeup — Billing

Fri, 18 Apr 2025 00:00:00 +0000

Some mistakes can be costly. Gain a shell, find the way and escalate your privileges! Bruteforcing is out of scope for this room.

Room Link: https://tryhackme.com/room/billing

1. Enumeration

Identifying whether a target machine operates on Linux can be facilitated by examining the TTL (Time to Live) value during a ping test. A TTL value of 63 typically indicates a Linux system, enabling a more tailored enumeration strategy that is.

CRTP: My Experience

Wed, 09 Apr 2025 00:00:00 +0000

Hey everyone,

I’m really happy to share that I’ve cleared the CRTP (Certified Red Team Professional) exam on my first attempt! This was a whole new area for me—no prior Active Directory (AD) pentesting experience, and still, I managed to get through it. So if you’re someone wondering whether this cert is possible without an AD background—yes, it is. Let me walk you through how I did it.

My Background Before CRTP

Before jumping into CRTP, my only real exposure to pentesting was TryHackMe rooms and clearing the eJPT exam. To be honest, I had never done any complete AD-based CTFs before. CRTP was the first time I was diving into the world of Windows domains and enterprise-style networks.

eJPT: My Experience

Mon, 23 Dec 2024 00:00:00 +0000

Hey everyone,

I’m super excited to share that I’ve passed the eJPT exam with a score of 94% in my first attempt. I managed to finish it in 6 hours, and I’ve got some handy tips and personal insights that might help those of you gearing up for the same challenge.

A Little Bit About Me

Before jumping into the specifics, let me give you a bit of background. I’ve been a software developer for three years, but I had zero experience in penetration testing before this. However, I decided to give it a shot and prepped for about two months. This goes to show that anyone can master this with the right focus and dedication.