Pwning the source prompts of Notion AI, 7 techniques for Reverse Prompt Engineering... and why everyone is *wrong* about prompt injection

Introduction This post, as indicated by the noscript, will cover the topic of writing Windows kernel drivers for advanced persistence. Because the subject matte...

Information and PoC about the ENLBufferPwn vulnerability - GitHub - PabloMK7/ENLBufferPwn: Information and PoC about the ENLBufferPwn vulnerability

Years ago, entrepreneurs and innovators predicated that “software would eat the world”. And to little surprise, year after year, the world has become more and more reliant on software solutions. Often times, that software is (or indirectly depends on) some…

Welcome to the third and final installment of the “Chrome Browser Exploitation” series. The main objective of this series has been to provide an introduction to browser internals and delve into the topic of Chrome browser exploitation on Windows in greater…

computer security evaluation tool

Join the Architecture Notes CTF and test your system design skills against participants from around the world. Solve challenges in distributed systems, web security, and more. Open to all skill levels.

Happy holidays 🕎/🎅 and (almost) happy new year!
This week I presented my LuaJIT journey at the DEFCON-Groups meetup(@dc9723):

Yesterday I shared my LuaJIT journey at @dc9723 group. Thanks for everyone who attended :DCurrently working on the last blogpost…

An open source machine learning framework that accelerates the path from research prototyping to production deployment.

Utility to find hidden Linux kernel modules. Contribute to jafarlihi/modreveal development by creating an account on GitHub.

teler-waf is a Go HTTP middleware that provide teler IDS functionality to protect against web-based attacks and improve the security of Go-based web applications. It is highly configurable and easy...

Python developers who spent some time coding over the holiday break may want to check out an advisory regarding a malicious PyTorch package that was being fetched from PyPI last week.

Attackers are already fully aware of what cloud misconfigurations are and how to take advantage. Why would an attacker run 169.254.169[.]254/latest/meta-data/iam/security-credentials/ ?

During the fall of 2022, a few friends and I took a road trip from Chicago, IL to Washington, DC to attend a cybersecurity conference and (try) to take a break from our usual computer work. While we were visiting the University of Maryland, we came across…

Misconfigurations in reverse proxies that use SNI to select backend servers can lead to SSRF vulnerabilities. Invicti security researcher Aleksei Tiurin explores the security implications of SNI proxy misconfigurations.

Of-CORS, an appsec framework to exploit internal open CORS apps without violating bug bounty rules.

Perform internet wide scans for far less than a cup of coffee.

In a two-part documentary, FRONTLINE and Forbidden Films explore how the powerful spyware Pegasus, sold to governments around the world by the Israeli company NSO Group, was used on journalists,