Embrace The Red

@EmbraceTheRed23

Followers: 112
Following: 411
Media: 11
Statuses: 251

Learn the hacks, stop the attacks.

Joined January 2023
@EmbraceTheRed23
Embrace The Red
1 day
RT @OOTBconf: #OOTB2025BKK Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents - Johann Rehberger - cc @…
@EmbraceTheRed23
Embrace The Red
15 days
RT @wunderwuzzi23: 🚨 Security Advisory: Anthropic's Slack MCP Server leaks data via link unfurling ☠️. See a demo exploit with Claude Code…
@EmbraceTheRed23
Embrace The Red
1 month
RT @wunderwuzzi23: Great post. One of my approaches to high sev bugs:
1. Grab system prompt.
2. Look for tool metadata.
3. Think evil! 😈
4.…
@EmbraceTheRed23
Embrace The Red
1 month
RT @wunderwuzzi23: Yep, that just happened. ChatGPT Deep Research took a test password from a Linear ticket and searched (leaked) it to m…
@EmbraceTheRed23
Embrace The Red
1 month
RT @wunderwuzzi23: The ZombAIs have arrived in Codex! Prompt injection to C2. Be careful out there! This PoC uses a domain from the Commo…
@EmbraceTheRed23
Embrace The Red
1 month
RT @wunderwuzzi23: 🔥 Just learned that Google hardened Chrome to make it more difficult to steal your cookies! 🍪 They referenced my "revi…
@EmbraceTheRed23
Embrace The Red
1 month
RT @wunderwuzzi23: Just occurred to me that the Cookie Theft TTP was my very first Embrace The Red blog post in 2018.
@EmbraceTheRed23
Embrace The Red
1 month
RT @wunderwuzzi23: Anthropic archived many of their reference MCP servers from their GitHub repository! I was reporting vulnerabilities in…
@EmbraceTheRed23
Embrace The Red
1 month
Cyber kill chain goes AI.
@wunderwuzzi23
Johann Rehberger
1 month
AI Kill Chain: 🤖
- Prompt Injection 💉
- Confused Deputy 🤷‍♂️
- Automatic Tool Invocation 🔧
@EmbraceTheRed23
Embrace The Red
2 months
RT @wunderwuzzi23: 🔥 New blog post: AI ClickFix! Explores how classic ClickFix social engineering attacks can target AI agents, like Claud…
@EmbraceTheRed23
Embrace The Red
2 months
RT @wunderwuzzi23: Jules coding agent from Google main system prompt:
- Multi-agent architecture
- Usage of special control token and pytho…
@EmbraceTheRed23
Embrace The Red
2 months
RT @wunderwuzzi23: With all the MCP hype and everyone wanting to support it, as a security engineer I fondly remember the time when ActiveX…
@EmbraceTheRed23
Embrace The Red
2 months
RT @hackplayers: How ChatGPT Remembers You: A Deep Dive into Its Memory and Chat History Features
@EmbraceTheRed23
Embrace The Red
2 months
RT @wunderwuzzi23: 👉 How ChatGPT Remembers You 🧑‍💻 A Deep Dive into Its Memory and Chat History Features. Put together an analysis of the…
@EmbraceTheRed23
Embrace The Red
2 months
RT @wunderwuzzi23: The latest Gemini models are the first ones from Google that can reliably read and write invisible Unicode Tags. This…
@EmbraceTheRed23
Embrace The Red
2 months
RT @wunderwuzzi23: @dsp_ Still have not heard anything back by the way. 🫤
@EmbraceTheRed23
Embrace The Red
3 months
RT @wunderwuzzi23: @LowLevelTweets Thanks for the shout out of ASCII Smuggler. Awesome to see more lights on these LLM specific threats!…
@EmbraceTheRed23
Embrace The Red
3 months
RT @wunderwuzzi23: 🔥 SpAIware & More: Advanced Prompt Injection Exploits in LLM Applications 🔥 👉 Black Hat posted my talk to YouTube - Enj…
@EmbraceTheRed23
Embrace The Red
3 months
AI can now use COM! 🙃
@wunderwuzzi23
Johann Rehberger
3 months
Figured this would be a fun weekend project. Claude Desktop + COM Automation 🤯. Outlook, Excel, Word, Shell - anything with a COM interface on Windows is now discoverable and scriptable using this MCP server that wraps COM. AI just got an upgrade. 🚀
@EmbraceTheRed23
Embrace The Red
3 months
ActiveX!!
@wunderwuzzi23
Johann Rehberger
3 months
Fun idea - add support in Claude Desktop or Copilot to host and call COM/DCOM objects. 🙃 "QueryInterface" instead of "tools/list". Massive tool support out of box! 😂