Learn how Google CVR could have potentially exfiltrated Gemini 1.0 Pro before launch last year. We describe the vulnz, the fix, and tips for bughunters. Also, shout-out to @epereiralopez for teaming up to adapt this work to another cloud provider.

🕺"Leaving tradition" is one of the best parts of Google's security culture and has led to some of the most interesting attack chains I've gotten to work on. There's nothing quite like starting with a blank slate and ending with a root shell.💃.

Effective today, Google will issue CVEs for critical vulnerabilities in Google Cloud that are fixed internally and do not require customer action or patching.

RT @theflow0: Details:

RT @natashenka: Exciting update on Project Zero’s LLM research:

Before joining Google, I submitted some Cloud bugs to the Google Vulnerability Rewards Program (VRP). Today, we announced a dedicated Cloud VRP and I'm so excited to be a part of the program that got me into Google in the first place. Send us vulnz 🙂.

RT @philvenables: Cloud CISO Perspectives Blog for mid-October ‘24 is up covering:. - Sharing AI vulnerability research.- Virtual red teams….

Excited to share this blog post about server-side memory corruption that my team exploited in production. Shout-out to @scannell_simon, @epereiralopez, and @thatjiaozi - this was a very fun project. :-).

RT @offensive_con: The Mines of Kakadûm: Blindly Exploiting Load-Balanced Services by @scannell_simon and @amlweems is now live! https://t.….

RT @scannell_simon: Very excited to present this with @amlweems! See you in Berlin!. (@epereiralopez and @thatjiaozi) were also working on….

I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-).

RT @thatjiaozi: Our research on the deep mines of the JPX standard is now public. I had the pleasure and the privi….

RT @GoogleVRP: It’s finally time.

RT @springframework:

RT @ProjectZeroBugs: containerd: Insecure handling of image volumes

I'm really excited for this video! I got a chance to collab with @LiveOverflow and share the process for discovering the localhost bypass for CVE-2021-45046 with code review and differential fuzzing. :).

Just finished Portswigger's new Burp Suite Certification. I've always been a huge fan of the @WebSecAcademy and this is an excellent capstone on the labs. Thanks @PortSwigger for all the educational content! #burpsuitecertified.

Thanks for the seamless contribution process! Cheers to @BouncyHat and @dallasl1200 😄.

My team @praetorianlabs just published our work in reverse engineering the Proxylogon patches for CVE-2021-26857, CVE-2021-26855, and CVE-2021-27065. I learned a lot more about Exchange than I thought I'd ever need, but had a blast.

Also, some great new labs on @WebSecAcademy to go along with the research. Thank you for continuing to create free educational content like this.