PortSwigger : Exploiting LLM APIs with excessive agency
4 min read PortSwigger : Exploiting LLM APIs, LLMs typically interact with users via a chat interface, called a prompt, and their inputs are governed by validation rules. Continue reading
3 min read Mika discovered and reported this Open Redirection. This could allow a malicious actor to redirect users from one site to another because the redirect URL is not validated. Users could be tricked into visiting a legitimate site and then be redirected to a malicious site, causing a phishing incident. This vulnerability has been fixed in version 3.6.4.4. Continue reading
3 min read We will explain how to use John the Ripper, a password-cracking tool, to crack the passphrase of an SSH private key with the well-known wordlist rockyou.txt. Continue reading
6 min read TryHackMe – Olympus Room, designed by G4vr0ch3. Continue reading
2 min read The plugin does not sanitise and escape the Download Counter Text settings, which could allow high-privilege users to perform Cross-Site Scripting attacks. Continue reading
4 min read Are you good enough to apply for this job? Continue reading
4 min read The SOC received an alert in their SIEM for ‘Local to Local Port Scanning’, where an internal private IP began scanning another internal system. Continue reading
3 min read Shocker is a retired HTB (Hack The Box) machine based on the Shellshock vulnerability. On this machine we will not use Metasploit. Continue reading
3 min read In this article, we will go from an ordinary user with no rights, but who is a member of the docker group, to the root user by taking advantage of a misconfiguration and misuse of Docker. Continue reading
2 min read Real visitor IPs in Nginx logs when using Cloudflare. Continue reading