Exploiting Insecure Output Handling in LLMs
👩‍🎓👨‍🎓 Learn about Large Language Model (LLM) attacks! This lab handles LLM output insecurely, leaving it vulnerable to XSS. The user carlos frequently uses the live chat to ask about the Lightweight "l33t" Leather Jacket product. To solve the lab, we must use indirect prompt injection to perform an XSS attack that deletes the user carlos. If you're struggling with the concepts covered in this lab, please review https://portswigger.net/web-security/... 🧠

🔗 @PortSwiggerTV challenge: https://portswigger.net/web-security/...
🧑‍💻 Sign up and start hacking right now - https://go.intigriti.com/register
👾 Join our Discord - https://go.intigriti.com/discord
🎙️ This show is hosted by https://twitter.com/_CryptoCat ( @_CryptoCat ) & https://twitter.com/intigriti
👕 Do you want some Intigriti Swag? Check out https://swag.intigriti.com

Overview:
0:00 Intro
0:31 Lab: Exploiting insecure output handling in LLMs
0:57 Explore site functionality
1:48 Probe LLM live chat
2:30 Exploit XSS to delete victim account
9:26 Training data poisoning
9:49 Leaking sensitive training data
10:42 Defending against LLM attacks
12:29 Conclusion
The Intigriti Hackademy is a collection of free online learning resources in the field of web security. Learn more here: https://blog.intigriti.com/hackademy/
Hacker Tools is a show from hackers for hackers! Learn how to use the best tools out there and improve your bug bounty skills 💪
Hacker Heroes is a show from hackers for hackers! 👩‍💻🧑‍💻 In this interview series, we talk to some of the best hackers on the planet and hear what they have to share with the community!
Video series on Game Hacking, with a focus on Bug Bounty. We'll look at the core tools and techniques utilized by ethical hackers to find vulnerabilities in games and their infrastructure. We'll also explore ethical and legal issues and the importance of having proper authorization, staying within scope and preventing harm against real players.
Video series on Mobile (Android) Hacking, with a focus on Bug Bounty. We'll look at the core tools and techniques utilized by ethical hackers to find vulnerabilities in Android applications. Topics covered include: SSL certificate pinning bypass (Frida), APK patching (apktool), reverse engineering (jadx), dynamic analysis (Android Studio + MobSF) and much more! Finally, we'll explore ethical/legal issues and the importance of having proper authorization and staying within scope.