<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Posts on Vivian's Blog</title><link>https://vvnblog.com/en/posts/</link><description>Recent content in Posts on Vivian's Blog</description><generator>Hugo -- gohugo.io</generator><language>en</language><copyright>Copyright © 2026 Vivian All Rights Reserved.</copyright><lastBuildDate>Wed, 08 Jul 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://vvnblog.com/en/posts/index.xml" rel="self" type="application/rss+xml"/><item><title>Attacking AI Is More Than Prompt Injection｜My HTB Certified Offensive AI Expert (COAE) Experience</title><link>https://vvnblog.com/en/posts/coae-exam/</link><pubDate>Wed, 08 Jul 2026 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/coae-exam/</guid><description>Think attacking AI is just Prompt Injection? HTB COAE showed me a whole other side of AI attacks.</description></item><item><title>I Just Wanted the Duo Power Badge and Stickers, But Cloud Security Hit Me Hard | My CCSP Exam Notes</title><link>https://vvnblog.com/en/posts/ccsp-exam/</link><pubDate>Sat, 09 May 2026 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/ccsp-exam/</guid><description>I jumped into CCSP with zero cloud experience. I only wanted the badge and the stickers, but Cloud Security taught me a real lesson.</description></item><item><title>Using AI, Understanding AI, Attacking AI | My 2026 Q1 HTB AI Red Teamer Learning Journey</title><link>https://vvnblog.com/en/posts/ai-red-teamer-learn/</link><pubDate>Mon, 16 Mar 2026 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/ai-red-teamer-learn/</guid><description>When AI turns from a tool into a target, what does pentesting look like? My one-season journey from using AI, to understanding it, to attacking it.</description></item><item><title>No Superhero Mode, Just a Rhythm I Slowly Found Again | A Security Engineer Mom's Growth from 2023 to 2025, and a Look Ahead to 2026</title><link>https://vvnblog.com/en/posts/no-superhero-mode-2023-2025/</link><pubDate>Thu, 01 Jan 2026 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/no-superhero-mode-2023-2025/</guid><description>You don&amp;rsquo;t need a superhero mode to move forward. The real rhythm of a security engineer and mom who earned OSCP and CISSP in two years, between work and kids.</description></item><item><title>Beyond the Technical Framework | My CISSP Preparation Journey</title><link>https://vvnblog.com/en/posts/cissp-exam/</link><pubDate>Tue, 07 Oct 2025 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/cissp-exam/</guid><description>How do you switch from a hands-on hacker mindset to a manager&amp;rsquo;s one? Three months of CISSP prep took me out of my technical comfort zone.</description></item><item><title>A Working Mom Can Pass OSCP+ Too｜Walking a Tightrope Between Kids, Work, and a Hard Exam</title><link>https://vvnblog.com/en/posts/oscp-exam/</link><pubDate>Mon, 28 Apr 2025 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/oscp-exam/</guid><description>Failed twice, studying while raising a child. How does a working mom walk the OSCP+ tightrope with so little time?</description></item><item><title>Basic Pentesting of a GraphQL Setup</title><link>https://vvnblog.com/en/posts/graphql-leak-info/</link><pubDate>Fri, 19 Jul 2024 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/graphql-leak-info/</guid><description>One open Introspection Query let me list the entire GraphQL schema. A real pentest case of a common but costly setup mistake.</description></item><item><title>Secure, HttpOnly, SameSite: The Three Guardians of Your Cookie</title><link>https://vvnblog.com/en/posts/cookie/</link><pubDate>Thu, 23 May 2024 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/cookie/</guid><description>One badly set cookie is enough for an attacker to pretend to be you. Meet the three lines of defense (Secure, HttpOnly, SameSite) and how to turn them on.</description></item><item><title>How JWT Works</title><link>https://vvnblog.com/en/posts/jwt/</link><pubDate>Thu, 11 Apr 2024 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/jwt/</guid><description>How does one string split by dots hold up the login for modern websites? Breaking down the three parts of a JWT, and the traps to avoid.</description></item><item><title>How to Disable the API Feature on NetGear M4300</title><link>https://vvnblog.com/en/posts/netgear-m4300/</link><pubDate>Thu, 13 Jul 2023 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/netgear-m4300/</guid><description>A switch hiding an open API? Starting from one scan alert, I turned off the hidden service on a NetGear M4300, step by step.</description></item><item><title>Making Network Security More Efficient: EDL / EBL</title><link>https://vvnblog.com/en/posts/edl/</link><pubDate>Wed, 15 Mar 2023 00:00:00 +0000</pubDate><guid>https://vvnblog.com/en/posts/edl/</guid><description>Still adding malicious IPs to your firewall one by one? EDL / EBL lets the firewall fetch the list on its own, so you get your time back for the work that matters.</description></item></channel></rss>