The Lab
Dive deeper. Look harder. And then, share your findings.
Section Jacking: Removing Primitives from Process Injection
Introducing Section Jacking, a derivation of Threadless Injection that aims to subvert traditional EDR detections by removing primitives associated with process injection.
See more
LLMGoat - A01 Prompt Injection
This post is the first in a series of 10 blog posts and it covers the solution to the Prompt Injection challenge from LLMGoat.
See more
CVE-2023-26465 - Breaking Through XSS Filters in Pega Platform
Take a look at how we managed to break through XSS filters using Markdown-nesting and user mentioning functionalities in Pega Platform
See more
Size matters! When capital letters introduce vulnerabilities
Microsoft Dynamics 365 Rich Text Editor XSS
See more
AWS Cognito pitfalls: Default settings attackers love (and you should know about)
Diving into some common, but sometimes overlooked, AWS Cognito misconfigurations.
See more
CVE-2022-20942: It's not old functionality, it's vintage
Cisco information disclosure vulnerability leveraging supposedly removed legacy functionality
See more