Understanding Logits And Their Possible Impacts On Large Language Model Output Safety #Logits #LanguageModels #SoftMaxFunction #ModelSafety #ArtificialIntelligence https://ioactive.com/understanding-logits-and-their-possible-impacts-on-large-language-model-output-safety/
Nice compilation of search evasion techniques #UnprotectProject #Home #TechniqueList #CodeSnippets #DetectionRules https://unprotect.it/
Exploiting Reflected Input Via the Range Header #ReflectedInputExploitation #RangeHeaderExploitation #ServerVulnerabilities #XSSAttacks #InformationSecurity https://attackshipsonfi.re/p/exploiting-reflected-input-via-the
attackshipsonfi.re
Exploiting Reflected Input Via the Range Header
TL;DR Reflected input is often unexploitable because the attack ends up in a place which stops it working, such as inside a quoted attribute.
CVE-2024-44825 - Invesalius Arbitrary File Write and Directory Traversal #CVE-2024-44825 #Invesalius #ArbitraryFileWrite #DirectoryTraversal #ZipSlip https://www.partywave.site/show/research/CVE-2024-44825%20-%20Invesalius%20Arbitrary%20File%20Write%20and%20Directory%20Traversal
www.partywave.site
cve-2024-44825-invesalius-arbitrary-file-write-and-directory-traversal
Discover cve-2024-44825-invesalius-arbitrary-file-write-and-directory-traversal article on partywave.
Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150 #JWTAlgorithmConfusion #Vulnerability #CVE202454150 #SecurityCodeReview #AlgorithmConfusion https://pentesterlab.com/blog/another-jwt-algorithm-confusion-cve-2024-54150
Pentesterlab
Another JWT Algorithm Confusion Vulnerability: CVE-2024-54150
Discover how a code review uncovered a JWT algorithm confusion vulnerability (CVE-2024-54150). Learn key insights to enhance your security skills and spot vulnerabilities effectively.
🔐 Incident Response for Generative AI Workloads: A Structured Approach by AWS #AIsecurityHub #IncidentResponse #GenerativeAI #AWS #StructuredApproach https://medium.com/ai-security-hub/incident-response-for-generative-ai-workloads-a-structured-approach-by-aws-da8619533f23
Medium
🔐 Incident Response for Generative AI Workloads: A Structured Approach by AWS
Amazon Web Services (AWS) outlines a structured approach for incident response in Generative AI workloads, emphasizing both response…
Inside a New OT/IoT Cyberweapon: IOCONTROL #IOCONTROL #Cyberweapon #CybersecurityResearch #MalwareAnalysis #IoTSecurity https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol
Claroty
Inside a New OT/IoT Cyberweapon: IOCONTROL
Team82 has researched a malware sample called IOCONTROL linked to an Iran-based attack group used to target IoT and OT civilian infrastructure in the U.S. and Israel.
Performing AD LDAP Queries Like a Ninja #ADLDAP #LDAPLogging #BypassDetection #ThreatDetection #ADSecurity https://cravaterouge.com/articles/ldapad-logging/
CravateRouge Ltd
Performing AD LDAP Queries Like a Ninja | CravateRouge Ltd
Strategies to minimize logging generation, and methods to enhance logging efficiency
Everything About Memory Allocators: Write A Simple Memory Allocator #MemoryAllocators #MemoryManagement #CProgramming #Implementation #ThreadSafety https://mohitmishra786.github.io/chessman/2024/11/24/Everything-About-Memory-Allocators-Write-a-simple-memory-allocator.html
Mohit Mishra
Everything About Memory Allocators: Write A Simple Memory Allocator
Table of Contents Introduction Memory Layout Fundamentals Memory Management Basics Building a Memory Allocator Core Data Structures Memory Block Headers Implementation Details Core Functions Implementation malloc() free() calloc() realloc() Thread Safety…
NFS Security: Identifying and Exploiting Misconfigurations #NFSSecurity #ISMS #InfoSecRiskManagement #BusinessContinuity #SecurityAwareness https://www.hvs-consulting.de/en/nfs-security-identifying-and-exploiting-misconfigurations/
HvS-Consulting
NFS Security: Identifying and Exploiting Misconfigurations | HvS-Consulting
Understand security features, misconfigurations and technical attacks on NFS shares.
Volkswagen’s bad streak: We know where your car is #VolkswagenDataBreach #CCCInvestigation #DataPrivacy #Cybersecurity #ProtectYourself https://reynardsec.com/en/volkswagens-bad-streak-we-know-where-your-car-is/
ReynardSec
Volkswagen's bad streak: We know where your car is - ReynardSec
Volkswagen has landed in hot water once again. A recent investigation by the Chaos Computer Club (CCC) reveals that the company has been systematically collecting and storing movement data from hundreds of thousands of vehicles across its brands (VW, Audi…
Simple Prompts to get the System Prompts #AIWrappers #Security #SystemPrompts #Research #Blog https://eval.blog/blog/simple-prompts-to-get-the-system-prompts/
eval.blog
Simple Prompts to get the System Prompts
Exploring prompt injection techniques to extract hidden system prompts from popular AI wrappers and chatbots.
From Arbitrary File Write to RCE in Restricted Rails apps #ArbitraryFileWrite #RCE #RailsApps #Bootsnap #ExploitationPossibilities https://blog.convisoappsec.com/en/from-arbitrary-file-write-to-rce-in-restricted-rails-apps/
Conviso AppSec
From Arbitrary File Write to RCE in Restricted Rails apps
We describe a technique that can be used to achieve remote code execution (RCE) from an arbitrary file write vulnerability by abusing the cache mechanism of Bootsnap.
Directory Traversal (Path Traversal) #DirectoryTraversal #PathTraversal #OWASP #SourceCodeReview #SSTI https://blog.projectasuras.com/OWASP/Path-Traversal/1
CVE-2024-54819 - I Librarian Server Side Request Forgery #CVE202454819 #ILibrarian #SSRF #Cybersecurity #Vulnerability https://www.partywave.site/show/research/CVE-2024-54819_-_I_Librarian_Server_Side_Request_Forgery
www.partywave.site
cve-2024-54819-i-librarian-server-side-request-forgery
Discover cve-2024-54819-i-librarian-server-side-request-forgery article on partywave.
👍1
Command Injection in apmcfgupload endpoint for DrayTek Gateway Devices #Notion #AllinOne #Workspace #Notes #Tasks https://netsecfish.notion.site/Command-Injection-in-apmcfgupload-endpoint-for-DrayTek-Gateway-Devices-1676b683e67c8040b7f1f0ffe29ce18f
netsecfish on Notion
Command Injection in `apmcfgupload` endpoint for DrayTek Gateway Devices | Notion
Summary
CVE-2024-49113: LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113 #PoC #LdapNightmare #CVE202449113 #SafeBreachLabs #WindowsServerVulnerability https://github.com/SafeBreach-Labs/CVE-2024-49113
GitHub
GitHub - SafeBreach-Labs/CVE-2024-49113: LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113 - SafeBreach-Labs/CVE-2024-49113
Remote Code Execution (RCE) Exploits – How Hackers Exploit from Home #RCEExploits #HackersAtHome #OcsalyAcademy #CybersecurityThreats #StaySafe https://ocsaly.com/how-hackers-exploit-calibre-and-what-you-can-do-about-it/
TMI — Too Much Information. The less you reveal the better! #TMI #UserEnumerationVulnerability #InformationDisclosure #SecureProgramming #ProtectUserData https://medium.com/@aleksamajkic/too-much-information-the-less-you-reveal-the-better-163dabb7f89f
Medium
TMI — Too Much Information. The less you reveal the better!
A short overview of frequently overlooked vulnerability with real world examples