Skip to main content

LLM pentest: Leveraging agent integration for RCE.


This blog post delves into the class of vulnerability known as “Prompt Leaking” and its subsequent exploitation through “Prompt Injection,” which, during an LLM pentest engagement, allowed the unauthorized execution of system commands via Python code injection. In a detailed case study, we will explore the mechanics of these vulnerabilities, their implications, and the methodology used to exploit them.

Comments

Post a Comment

Popular posts from this blog

Fixing Unix/Linux/POSIX Filenames

Traditionally, Unix/Linux/POSIX filenames can be almost any sequence of bytes, and their meaning is unassigned. The only real rules are that "/" is always the directory separator, and that filenames can't contain byte 0 (because this is the terminator). Although this is flexible, this creates many unnecessary problems. In particular, this lack of limitations makes it unnecessarily difficult to write correct programs (enabling many security flaws), makes it impossible to consistently and accurately display filenames, causes portability problems, and confuses users. more ....
Post a Comment
Read more

Multi-Boot Disk for Machines With AMD Opteron Processors

This article presents step-by-step procedures for loading the Solaris 10 OS on x86 platforms, and one or two 64-bit Linux operating systems, on machines based on 64-bit AMD Opteron processors. Installations were done on generic Opteron-based workstations and confirmed on a Sun Fire V20z server and Sun Java Workstation W1100z and W2100z workstations.
Post a Comment
Read more