PortSwigger: Exploiting LLM APIs with excessive agency
PortSwigger: Exploiting LLM APIs. LLMs typically interact with users via a chat interface, called a prompt, and their inputs are governed by validation rules.
Mika discovered and reported this Open Redirection. It could allow a malicious actor to redirect users from one site to another because the redirect URL is not validated. Users could be tricked into visiting a legitimate site and then be redirected to a malicious site, causing a phishing incident. This vulnerability has been fixed in version 3.6.4.4.
We will explain how to use John the Ripper, a tool used to crack passwords, to crack the passphrase of an SSH private key with the famous wordlist rockyou.txt.
The plugin does not sanitise and escape the Download Counter Text settings, which could allow high privilege users to perform Cross-Site Scripting attacks.
Are you good enough to apply for this job?
Shocker is a retired HTB (Hack The Box) machine that is based on the Shellshock vulnerability. For this machine, we will not use Metasploit.
In this article, we will go from an ordinary user with no privileges, but who is in the docker group, to the root user, using a misconfiguration and improper use of Docker.
Here is the write-up for the Baguette VPN No. 2 challenge from the France Cybersecurity Challenge (FCSC 2021).
The goal is to retrieve the secret contained in the API.
Linux Privilege Escalation with Python Library Hijacking.
Python will prioritize the execution of our malicious module over the one on the usual path.
You know them, you love them, your favourite group of broke computer science students have another business venture! Show them that they probably should hire someone for security…