PortSwigger : Exploiting LLM APIs with excessive agency
4 min read PortSwigger : Exploiting LLM APIs, LLMs typically interact with users via a chat interface, called a prompt, and their inputs are governed by validation rules. Continuer la lecture
4 min read PortSwigger : Exploiting LLM APIs, LLMs typically interact with users via a chat interface, called a prompt, and their inputs are governed by validation rules. Continuer la lecture
3 min read Mika discovered and reported this Open Redirection. This could allow a malicious actor to redirect users from one site to the other due to the redirect URL not being validated. Users could be tricked to visiting a legitimate site to then be redirected to a malicious site and cause a phishing incident. This vulnerability has been fixed in version 3.6.4.4. Continuer la lecture
4 min read The SOC received an alert in their SIEM for ‘Local to Local Port Scanning’ where an internal private IP began scanning another internal system. Continuer la lecture
3 min read In this article, we will go from a lambda user with no rights but in the docker group to the root user using a wrong configuration and use of docker. Continuer la lecture
3 min read Linux Privilege Escalation with Python Library Hijacking.
Python will prioritize the execution of our malicious module instead of the usual path Continuer la lecture
2 min read In our example, we will forward a local port from the target machine to our kali machine using chisel. Continuer la lecture
3 min read Une attaque SYN flood est un type d’attaque par déni de service (DDoS) qui vise à rendre un serveur indisponible. Continuer la lecture
2 min read Learn about and use Hydra, a fast network logon cracker, to bruteforce and obtain a website’s credentials. Continuer la lecture