Team Research blog
Finding deserialization functions accepting user input can be exciting, but what’s your plan if well-known gadget chains aren’t an option for exploitation? In this post, we explore the process of building a custom gadget chain to exploit deserialization vulnerabilities in Ruby.
In Part 2 of our series focusing on improving LLM security against prompt injection we’re doing a deeper dive into transformers, attention, and how these topics play a role in prompt injection attacks. This post aims to provide more under-the-hood context about why prompt injection attacks are effective, and why they’re so difficult to mitigate.
Many developers are leveraging LLMs without taking advantage of system roles, making their applications vulnerable by design. Security researches may be missing severe issues with prompt design and implementation by not testing the LLM APIs and focusing on the web user interfaces of LLM providers. Our latest blog post provides prescriptive advice to LLM application developers to help them minimize the security risk of their applications. It also helps security researchers focus on the issues that are important to developers of LLM applications. This post is the first in a series of two, where in future posts we’ll cover the concept of attention in transformer models.
Guest Post: Neil Jacobs (deals with cyber law stuff) Many companies engage their pen testing companies through their lawyers, ie, the lawyers themselves actually engage the pentester (and not the client), and the lawyers provide the pen test results to the client usually via a report. The thinking behind this is that doing so will … Read more
Mirror is an open-source multiplayer game framework for Unity. The history of Mirror is pretty interesting, I’d encourage anyone interested to give it a read on their site. Long story short, it was built as a replacement for UNET (which was provided by Unity but had a number of issues and was ultimately deprecated). Mirror … Read more