Aggregator

之前的几篇关于AI生成图片的文章讲的都是stable diffusion，虽然SD出现的更早而且开源免费，但其实在设计圈使用更广泛的是Midjourney，Midjourney最大的优点就是使用的便利性，任何一个不懂技术的设计都可以通Midjourney来快速完成设计，而且Midjourney的底层基础模型成熟度相当高，生成的图质量都很高。

OpenAI continues to add plugins with security vulnerabilities to their store.

In particular powerful plugins that can impersonate a user are not getting the required security scrutiny, or a general mitigation at the platform level.

As a brief reminder, one of the challenges Large Language Model (LLM) User-Agents, like ChatGPT, and plugins face is the Confused Deputy Problem / Plugin Request Forgery Attacks, which means that during a Prompt Injection attack an adversary can issue commands to plugins to cause harm.

本文是medium难度的HTB Escape机器的域渗透部分，其中Net-NTLMv2, ADCS, PTH, Silver Ticket等域渗透细节是此box的特色，主要参考0xdf’s blog Escape walkthrough和HTB’s official Escape walkthrough记录这篇博客加深记忆和理解，及供后续做深入研究查阅，备忘。