unSafe.sh - Unsafe
Attacking GenAI applications and LLMs – Sometimes all it takes is to ask nicely!
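Generative AI and large language models (LLMs) show great potential in enterprise applications, but they also introduce serious security risks. The article discusses threats such as prompt injection, information gathering, authorization bypass, SQL injection and remote command execution, and shows how these attacks exploit the natural-language understanding and multi-agent architecture of LLMs to harm enterprise systems. ...
2025-7-29 09:31:21 | Views: 19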
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
llm
injection
llms
security
bypass
Export to PDF allows local file inclusion/path traversal in Microsoft 365
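The article describes how a researcher found a vulnerability in an undocumented HTML-to-PDF conversion feature of the Microsoft Graph API, which allows an attacker to read local files (including sensitive data) from the server file system by embedding specific tags; the issue was successfully reported and earned a $3,000 bounty. ...
2025-7-8 07:1:18 | Views: 22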
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
microsoft
attacker
conversion
client
obviously
Fault Injection – Follow the White Rabbit
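The research verifies the feasibility of bypassing the Secure Boot and Flash Encryption features of the ESP32 V3 chip through voltage injection attacks. Combining advanced triggering strategies, GDB-assisted binary search and LLM-accelerated testing, it raised the attack success rate to about 1.5%. The results show that, with the right tools and methods, fault injection attacks are not only feasible but practical. ...
2025-6-18 07:58:40 | Views: 9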
hn security - security.humanativaspa.it
crc32
injection
a12
glitch
a13
My Zero Day Quest & BlueHat Podcast
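A veteran Unix hacker was invited to attend Microsoft's first Zero Day Quest Onsite Hacking Event and ranked near the top of the MSRC leaderboard through vulnerability research and reporting. At the event he exchanged ideas with top security researchers from around the world and enjoyed a rich set of social activities and perks. Although the technical challenges were outside his area of expertise, he gained a lot from the personal interactions, and after the event he took part in Microsoft's BlueHat podcast to share the experience. ...
2025-5-6 06:18:40 | Views: 15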
hn security - security.humanativaspa.it
microsoft
security
quest
software
Local privilege escalation on Zyxel USG FLEX H Series (CVE-2025-1731)
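The Zyxel USG FLEX H Series firewalls have a security vulnerability (CVE-2025-1731) that allows a low-privileged user to escalate privileges to root through the /fermion-wrapper program by exploiting symbolic links in the /tmp directory. In addition, the missing sticky bit on the /tmp directory further simplifies the attack. The vendor has released a patch that fixes the issue. ...
2025-4-23 05:31:18 | Views: 30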
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
zyxel
fermion
runme
1731
usg
Aiding reverse engineering with Rust and a local LLM
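The article introduces a new tool called Oneiromancer that assists reverse engineering and vulnerability research. The tool uses a locally running LLM to analyze code snippets, providing a code description, function name suggestions and variable renaming suggestions, and it runs cross-platform. The tool is written in Rust, and a security category was added to crates.io. ...
2025-4-15 04:22:9 | Views: 7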
hn security - security.humanativaspa.it
ollama
analysis
pseudo
aidapal
Streamlining vulnerability research with IDA Pro and Rust
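The article introduces three new IDA Pro plugin tools: rhabdomancer locates calls to insecure APIs; haruspex extracts pseudo-code; augur extracts strings and their pseudo-code. These tools are built on Rust and Binarly's idalib library and support fast analysis of binary files. The author contributed features such as a comments API and a bookmarks API to idalib, and won an award in the Hex-Rays contest. ...
2025-2-25 06:30:46 | Views: 14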
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
idalib
haruspex
pseudo
headless
Fault Injection – Looking for a Unicorn
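This article explores the possibility of hardware fault injection attacks through voltage glitching, particularly with regard to single-bit flips. Experiments show that under specific conditions (such as 80MHz and 160MHz frequencies), single-bit modification can be achieved. However, some bit positions are more susceptible than others. The research also found that a lower voltage (such as 2.52V) and glitching both VDD_CPU and VDD_RTC at the same time improve the success rate. ...
2025-2-11 08:16:19 | Views: 7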
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
vdd
glitch
rtc
voltage
faults
CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 2
In the previous article, we discussed a vulnerability in the LoadConta...
2025-1-29 08:33:7 | Views: 25
hn security - security.humanativaspa.it
clfs
shadow
CVE-2024-49138 Windows CLFS heap-based buffer overflow analysis – Part 1
CVE-2024-49138 is a Windows vulnerability detected by CrowdStrike as e...
2025-1-29 08:32:27 | Views: 21
hn security - security.humanativaspa.it
clfs
pbimage
blocktype
usn
From arbitrary pointer dereference to arbitrary read/write in latest Windows 11
In the last part of this Windows kernel exploitation series, we succe...
2025-1-15 08:45:52 | Views: 40
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
ioring
buffers
privs
mc
hvci
An offensive Rust encore
“Give me alchemy, give me wizardry, give me sorcery, thermatology,Ele...
2024-12-10 15:31:0 | Views: 8
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
compiling
blindsight
windows
raptor
memory
Extending Burp Suite for fun and profit – The Montoya way – Part 8
Setting up the environment + Hello WorldInspecting and tampering HTT...
2024-11-26 17:0:53 | Views: 4
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
bcheck
injection
payload
insertion
bchecks
Extending Burp Suite for fun and profit – The Montoya way – Part 7
Setting up the environment + Hello WorldInspecting and tampering HTT...
2024-11-19 17:23:37 | Views: 11
hn security - security.humanativaspa.it
payload
staticitems
burp
Fault Injection – Down the Rabbit Hole
IntroThis series of articles describes fault injection attack techniq...
2024-11-13 17:15:48 | Views: 17
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
a6
addi
emuhelper
longvalue
An analysis of the Keycloak authentication system
Earlier this year, we carried out a source-assisted application and ar...
2024-10-30 21:18:39 | Views: 11
hn security - security.humanativaspa.it
keycloak
security
otp
attacker
Exploiting AMD atdcm64a.sys arbitrary pointer dereference – Part 3
In the previous part of the series we successfully confirmed the vulne...
2024-10-9 21:1:30 | Views: 9
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
ropstack
fffff800
ntbase
shellcode
cr4
Exploiting AMD atdcm64a.sys arbitrary pointer dereference – Part 2
Welcome back! We concluded the previous article by spotting two vulner...
2024-10-2 16:1:34 | Views: 13
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
inputbuffer
debugger
Exploiting AMD atdcm64a.sys arbitrary pointer dereference – Part 1
After attending the OST2 – Exp4011 course, taught by Cedric Halbronn...
2024-9-25 16:1:43 | Views: 53
Over Security - Cybersecurity news aggregator - security.humanativaspa.it
windows
pseudocode
reversing
Learning Rust for fun and backdoo-rs
“Launch the PolarisThe end doesn’t scare usWhen will this cease?The...
2024-9-3 14:7:32 | Views: 13
hn security - security.humanativaspa.it
payload
backdoo
windows
compiling
raptor