Dec. 2, 2025

LLMGoat - A01 Prompt Injection

This post is the first in a series of 10 blog posts and it covers the solution to the Prompt Injection challenge from LLMGoat.

April 22, 2024

CVE-2023-26465 - Breaking Through XSS Filters in Pega Platform

Take a look at how we managed to break through XSS filters using Markdown nesting and user-mention functionality in Pega Platform.

June 6, 2023

Size matters! When capital letters introduce vulnerabilities

Microsoft Dynamics 365 Rich Text Editor XSS

Jan. 19, 2023

AWS Cognito pitfalls: Default settings attackers love (and you should know about)

Diving into some common, but sometimes overlooked, AWS Cognito misconfigurations.

Dec. 13, 2022

CVE-2022-20942: It's not old functionality, it's vintage

Cisco information disclosure vulnerability leveraging supposedly removed legacy functionality

June 12, 2022

New technique of stealing data using CSS and Scroll-to-Text Fragment feature.

Method to leak matching Scroll-to-Text Fragments that will power the xsleaks collection as well as CSS exfiltration techniques.
