taku – Author

Base44 vs. Lovable: Which Should Beginners Choose? A Practical Engineer Examines the Differences Based on Their Experience | Introduction to Vibe Coding
With the proliferation of no-code tools, many people are probably wondering, "Which one should I start with?" With attractive options like Base44 and Lovable, it can be hard to decide. In this article, we'll introduce some of the best no-code tools from the perspective of a current engineer.
[AI Development Tool] Vibe Coding with Lovable! Full-scale Web App Development with Supabase and AI | How to Get Started & Pricing Plans
"I want to create a more professional service, but I don't think I can write code..." For non-engineers who want to get serious about vibe coding, Lovable is the perfect development platform for the next step. Recently, there's been a lot of talk about AI-generated landing pages and UIs...
[AI Development Tool] Vibe Coding with Base44! Full-stack development can also be completed with AI | How to get started & pricing plans explained
For those who want to create a web app but can't write code, Base44 is a service that could be a very viable option. Recently, a style of "vibe coding," in which AI is instructed to generate apps, has been gaining attention. After trying out a few services...
I wrote an API key on the front end using Vibe Coding, and ended up being hacked and charged a high fee. Here are some examples and security measures.
"Vibe coding," a modern development style that prioritizes getting a working app built quickly, is gaining popularity. BaaS services like Supabase and Firebase, in particular, allow you to complete authentication and database operations with just a few lines of code, making them ideal for rapid prototyping and UI improvement.
[AI Security] Disabling specific classes by tampering with the model | HackTheBox Fuel Crisis Writeup
We are now in an era where AI not only "learns and makes decisions," but the models that make those decisions are themselves targets of attack. In particular, the weights and biases of machine learning models are central to determining their output, and tampering with these can intentionally distort prediction results. Such models...
[AI Security] Attacking AI-Negotiated Ransomware with Prompt Injection | HackTheBox TrynaSob Ransomware Writeup
We are now in an era where AI is no longer just a "conversational partner" but can also be a tool for attackers. In recent years, even in the world of ransomware, AI negotiation bots have appeared that automate interactions with victims, streamlining ransom payments. However, the authority and information that this AI possesses...
[AI Security] AI Agent Hijacking Exploiting OpenAI Function Calling: Practice and Defense Strategies Explained! HackTheBox Loyalty Survey Writeup
The evolution of AI has already gone beyond simply conversing with humans. Recent large language models (LLMs) can call external functions and APIs in response to user requests, running actual systems and services. OpenAI's Function Calling feature...
[AI Security] Tricking an LLM with Prompt Injection | HackTheBox External Affairs Writeup
We live in an age where AI is acting as a proxy for human decision-making. What would happen if we could "trick" that AI just a little? This time, we took on a CTF challenge to break through international travel screening using AI. We used prompt injection, a technique that exploits a weakness in large language models (LLMs).
[Practical Guide] Hacking with RCE from SSTI Vulnerability on HackTheBox! Learn the Causes and Countermeasures of Vulnerabilities | Spookifier Writeup
Template engines are widely used in web applications to combine HTML and data to generate displays. For example, template engines are used on the backend to embed usernames, post contents, and other information into HTML. However,...
How to get started with Hack The Box | A thorough comparison of free and paid plans, Labs and Academy
Many people who aspire to become security engineers and want to improve their skills through CTFs may have become interested in Hack The Box (HTB) with this in mind. However, when you actually look at the official website, you'll see a wide variety of services (Labs, Academy, CTF, Business, etc.) lined up...