Team Research blog
In our latest blog post, we introduce coverage-guided fuzzing with a brief description of fundamentals and a demonstration of how modifying program instrumentation can be used to more easily track down the source of vulnerabilities and identify interesting fuzzing paths.
Finding deserialization functions accepting user input can be exciting, but what’s your plan if well-known gadget chains aren’t an option for exploitation? In this post, we explore the process of building a custom gadget chain to exploit deserialization vulnerabilities in Ruby.
In Part 2 of our series focusing on improving LLM security against prompt injection we’re doing a deeper dive into transformers, attention, and how these topics play a role in prompt injection attacks. This post aims to provide more under-the-hood context about why prompt injection attacks are effective, and why they’re so difficult to mitigate.