Home of Himanshu Anand

Social

My Personal Blog

blog.himanshuanand.com

A collection of my research in exploits, malware, reverse engineering, and client-side security.

Featured Posts

Detecting LLM Prompt Injection Without Slowing You Down
A lightweight service and approach to detect prompt injection before your model sees it.
How I (Re)Discovered a Libpng Vulnerability 11 Years Later
A learning-focused secure code review story that re-finds a 2014 bug.
Introducing AWSAttacks
A GitHub hub for collecting and sharing AWS threat intelligence.

Blogs on Employer Sites

How traffic hijacking and affiliate fraud can harm websites and users
How malicious actors hijack traffic and commit affiliate fraud—and defenses that work.
CoinMarketCap Client-Side Attack: A Comprehensive Analysis
Deep dive into the compromise chain and mitigations.
Is relying on Indicators of Compromise secure enough?
Limits of IoCs and how to augment them.
Weaponized Google OAuth Triggers Malicious WebSocket
OAuth abuse patterns on the client side.
Ruthless Client-Side Attacks with ClickFix
Multi-platform targeting via UI manipulation.
PWA Injection Scam Targets Mobile Users
Abusing web app install flows for fraud.
150k+ Sites Hit by Full-Page Hijack
Mass injections and redirect monetization.
35k+ Sites in Gambling Scam Hijack
Campaign evolution and blockers.
ScriptAPI[.]dev Attack on Gov/Uni Sites
Third-party supply chain risk realized.
The Cost of False Positives
Operational impact and how we adapted.
5,000+ WordPress Sites in WP3[.]XYZ Attack
Indicators and containment.
New Client-Side Attack Only a Proxy Could Stop
Where inline protections fall short.
10,000 WordPress Sites Delivering Malware
Cross-platform payload delivery.
Kuwait E-commerce Site Used for Skimming
Infrastructure re-use and takedown paths.
New Magecart Attack Code Revealed
Obfuscation tricks and exfil flows.
3rd-Party Script Attack: artifyau[.]com & quantifymy[.]com
Third-party trust boundaries tested.
Cisco Client-Side Magecart Attack
Merchant-side script compromise analysis.
Ticketmaster Data Breach: Déjà Vu
Repeat patterns, repeat impact.
Navigating the Maze of Magecart
Mitigations and lessons from the field.
AI WAF Detected Ivanti Zero-Day
ML-driven detections in practice.
Protected from Atlassian CVE-2023-22515
Rapid response at scale.
Top Exploited Vulns of 2022
Trends from global traffic.
Confluence Zero-Day (CVE-2022-26134)
Attack surface and mitigations.
WAF Mitigations for Spring4Shell
Rule design and tuning.
Vulnerable Joomla! Installation Under Attack
Field report on active exploitation.
One-Click Fraudsters Learn Chinese
Localization tactics in fraud ops.
Facebook Scam → Nuclear Exploit Kit
Social lures meet exploit delivery.

Talks

Area41 2024 — Public Cloud public attacks: A summary of attacks seen by Cloud Intel (PDF)
Black Hat Asia 2024 — Malware Clustering using Unsupervised ML: CalMal (PDF) — Project link
VB2017 paper: The router of all evil
VB2016 paper: One-click fileless infection

Media

Patents

Papers

Projects

Prompt Injection Detection
AI firewall for detecting & preventing prompt injection attacks.
CalMal
Unsupervised clustering of malware families.
Cloud Intel
High-fidelity public cloud threat intel and atomic IOCs.
Personal LLM
LLaMA-based personal model on Cloudflare Workers.
Legally Blocked
Tracking blocked websites and apps worldwide.
UK Strike Calendar
A calendar built with ChatGPT & Cloudflare Workers.