2025
- Hosting COM Servers with an MCP Server
- AI ClickFix: Hijacking Computer-Use Agents Using ClickFix
- How ChatGPT Remembers You: A Deep Dive into Its Memory and Chat History Features
- MCP: Untrusted Servers and Confused Clients, Plus a Sneaky Exploit
- GitHub Copilot Custom Instructions and Risks
- Sneaky Bits: Advanced Data Smuggling Techniques (ASCII Smuggler Updates)
- ChatGPT Operator: Prompt Injection Exploits & Defenses
- Hacking Gemini's Memory with Prompt Injection and Delayed Tool Invocation
- AI Domination: Remote Controlling ChatGPT ZombAI Instances
- Microsoft 365 Copilot Generated Images Accessible Without Authentication -- Fixed!
2024
- Trust No AI: Prompt Injection Along the CIA Security Triad Paper
- Security ProbLLMs in xAI's Grok: A Deep Dive
- Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection
- DeepSeek AI: From Prompt Injection To Account Takeover
- ZombAIs: From Prompt Injection to C2 with Claude Computer Use
- Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware)
- Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
- Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
- Protect Your Copilots: Preventing Data Leaks in Copilot Studio
- Google Colab AI: Data Leakage Through Image Rendering Fixed. Some Risks Remain.
- Breaking Instruction Hierarchy in OpenAI's gpt-4o-mini
- Sorry, ChatGPT Is Under Maintenance: Persistent Denial of Service through Prompt Injection and Memory Attacks
- GitHub Copilot Chat: From Prompt Injection to Data Exfiltration
- Automatic Tool Invocation when Browsing with ChatGPT - Threats and Mitigations
- ChatGPT: Hacking Memories with Prompt Injection
- Machine Learning Attack Series: Backdooring Keras Models and How to Detect It
- Pivot to the Clouds: Cookie Theft in 2024
- Bobby Tables but with LLM Apps - Google NotebookLM Data Exfiltration
- HackSpaceCon 2024: Short Trip Report, Slides and Rocket Launch
- Google AI Studio Data Exfiltration via Prompt Injection - Possible Regression and Fix
- The dangers of AI agents unfurling hyperlinks and what to do about it
- ASCII Smuggler - Improvements
- Who Am I? Conditional Prompt Injection Attacks with Microsoft Copilot
- Google Gemini: Planting Instructions For Delayed Automatic Tool Invocation
- ChatGPT: Lack of Isolation between Code Interpreter sessions of GPTs
- Video: ASCII Smuggling and Hidden Prompt Instructions
- Hidden Prompt Injections with Anthropic Claude
- Exploring Google Bard's Data Visualization Feature (Code Interpreter)
- AWS Fixes Data Exfiltration Attack Angle in Amazon Q for Business
- ASCII Smuggler Tool: Crafting Invisible Text and Decoding Hidden Codes
2023
- 37th Chaos Communication Congress: New Important Instructions (Video + Slides)
- OpenAI Begins Tackling ChatGPT Data Leak Vulnerability
- Malicious ChatGPT Agents: How GPTs Can Quietly Grab Your Data (Demo)
- Ekoparty Talk - Prompt Injections in the Wild
- Hacking Google Bard - From Prompt Injection to Data Exfiltration
- Google Cloud Vertex AI - Data Exfiltration Vulnerability Fixed in Generative AI Studio
- Microsoft Fixes Data Exfiltration Vulnerability in Azure AI Playground
- Advanced Data Exfiltration Techniques with ChatGPT
- HITCON CMT 2023 - LLM Security Presentation and Trip Report
- LLM Apps: Don't Get Stuck in an Infinite Loop! 💵💰
- Video: Data Exfiltration Vulnerabilities in LLM apps (Bing Chat, ChatGPT, Claude)
- Anthropic Claude Data Exfiltration Vulnerability Fixed
- ChatGPT Custom Instructions: Persistent Data Exfiltration Demo
- Image to Prompt Injection with Google Bard
- Google Docs AI Features: Vulnerabilities and Risks
- OpenAI Removes the "Chat with Code" Plugin From Store
- Plugin Vulnerabilities: Visit a Website and Have Your Source Code Stolen
- Bing Chat: Data Exfiltration Exploit Explained
- Exploit ChatGPT and Enter the Matrix to Learn about AI Security
- ChatGPT Plugin Exploit Explained: From Prompt Injection to Accessing Private Data
- ChatGPT Plugins: Data Exfiltration via Images & Cross Plugin Request Forgery
- Indirect Prompt Injection via YouTube Transcripts
- Adversarial Prompting: Tutorial and Lab
- Video: Prompt Injections - An Introduction
- MLSecOps Podcast: AI Red Teaming and Threat Modeling Machine Learning Systems
- Don't blindly trust LLM responses. Threats to chatbots.
- AI Injections: Direct and Indirect Prompt Injections and Their Implications
- Bing Chat claims to have robbed a bank and it left no trace
- Yolo: Natural Language to Shell Commands with ChatGPT API
- Video Tutorial: Hijacking SSH Agent
- Decrypting TLS browser traffic with Wireshark
2022
- ChatGPT: Imagine you are a database server
- Device Code Phishing Attacks
- Ropci deep-dive for Azure hackers
- PenTest Magazine Open Source Toolkit: ropci
- ROPC - So, you think you have MFA?
- TTP Diaries: SSH Agent Hijacking
- gospray - Simple LDAP bind-based password spray tool
- Malicious Python Packages and Code Execution via pip download
- Machine Learning Attack Series: Backdooring Pickle Files
- Offensive BPF: Using bpftrace to sniff PAM logon passwords
- Post Exploitation: Sniffing Logon Passwords with PAM
- Customized Hacker Shell Prompts
- GPT-3 and Phishing Attacks
- Grabbing and cracking macOS hashes
- Flipper Zero - Initial Thoughts
- AWS Scaled Command Bash Script - Run AWS commands for many profiles
- Gitlab Reconnaissance Introduction
- Log4Shell and Request Forgery Attacks
2021
- Video: Anatomy of a compromise
- Offensive BPF: Understanding and using bpf_probe_write_user
- Offensive BPF: Sniffing Firefox traffic with bpftrace
- Video: Understanding Image Scaling Attacks
- Video: What is Tabnabbing?
- Offensive BPF: What's in the bpfcc-tools box?
- Offensive BPF: Detection Ideas
- Offensive BPF: Using bpftrace to host backdoors
- Offensive BPF: Malicious bpftrace 🤯
- Offensive BPF! Getting started.
- Video: Web Application Security Fundamentals
- Backdoor users on Linux with uid=0
- Using Microsoft Counterfit to create adversarial examples for Husky AI
- Using procdump on Linux to dump credentials
- The Silver Searcher - search through code and files quickly
- Automating Microsoft Office to Achieve Red Teaming Objectives
- Airtag hacks - scanning via browser, removing speaker and data exfiltration
- Somewhere today a company is breached
- Google's FLoC - Privacy Red Teaming Opportunities
- Spoofing credential dialogs on macOS, Linux and Windows
- Broken NFT standards
- Hong Kong InfoSec Summit 2021 Talk - The adversary will come to your house!
- An alternative perspective on the death of manual red teaming
- Cybersecurity Attacks - Red Team Strategies Kindle Edition for free
- Team A and Team B: Sunburst, Teardrop and Raindrop
- Survivorship Bias and Red Teaming
- Gamifying Security with Red Team Scores
2020
- Actively protecting pen testers and pen testing assets
- Machine Learning Attack Series: Overview
- Machine Learning Attack Series: Generative Adversarial Networks (GANs)
- Assuming Bias and Responsible AI
- Abusing Application Layer Gateways (NAT Slipstreaming)
- Machine Learning Attack Series: Repudiation Threat and Auditing
- Video: Building and breaking a machine learning system
- Machine Learning Attack Series: Image Scaling Attacks
- Leveraging the Blue Team's Endpoint Agent as C2
- Machine Learning Attack Series: Adversarial Robustness Toolbox Basics
- Hacking neural networks - so we don't get stuck in the matrix
- What does an offensive security team actually do?
- CVE 2020-16977: VS Code Python Extension Remote Code Execution
- Machine Learning Attack Series: Stealing a model file
- Coming up: Grayhat Red Team Village talk about hacking a machine learning system
- Beware of the Shadowbunny - Using virtual machines to persist and evade detections
- Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries
- Machine Learning Attack Series: Backdooring models
- Machine Learning Attack Series: Perturbations to misclassify existing images
- Machine Learning Attack Series: Smart brute forcing
- Machine Learning Attack Series: Brute forcing images to find incorrect predictions
- Threat modeling a machine learning system
- MLOps - Operationalizing the machine learning model
- Husky AI: Building a machine learning system
- The machine learning pipeline and attacks
- Getting the hang of machine learning
- Beware of the Shadowbunny! at BSides Singapore
- Race conditions when applying ACLs
- Red Teaming Telemetry Systems
- Illusion of Control: Capability Maturity Models and Red Teaming
- Motivated Intruder - Red Teaming for Privacy!
- Firefox - Debugger Client for Cookie Access
- Remotely debugging Firefox instances
- Performing port-proxying and port-forwarding on Windows
- Blast from the past: Cross Site Scripting on the AWS Console
- Feedspot ranked 'Embrace the Red' one of the top 15 pentest blogs
- Using built-in OS indexing features for credential hunting
- Shadowbunny article published in the PenTest Magazine
- Putting system owners in Security Bug Jail
- Red Teaming and Monte Carlo Simulations
- Phishing metrics - what to track?
- $3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
- Cookie Crimes and the new Microsoft Edge Browser
- Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
- Hunting for credentials and building a credential type reference catalog
- Attack Graphs - How to create and present them
- Cybersecurity Attacks - Red Team Strategies has been released.
- 2600 - The Hacker Quarterly - Pass the Cookie Article
- Web Application Security Principles Revisited
- Zero Trust and Disabling Remote Management Endpoints
2019
- Book: Cybersecurity Attacks - Red Team Strategies
- MITRE ATT&CK Update for Cloud and cookies!
- Coinbase under attack and cookie theft
- Cybersecurity - Homefield Advantage
- Now using Hugo for the blog
- BashSpray - Simple Password Spray Bash Script
- Active Directory and MacOS
- Google Leaks Your Alternate Email Addresses to Unauthenticated Users
- Lyrebird - Hack the hacker (and take a picture)
- KoiPhish - The Beautiful Phishing Proxy
- McPivot and useful LLDB commands