Raul Onitza-Klugman
@supriza0
Followers
48
Following
33
Media
3
Statuses
26
AI Red Team at @zenitysec. Web, binary and organic vegetable growing. Oh and AI too, duh.
Israel
Joined June 2019
Some food for thought around leveraging prompt injection to exploit vulns in MCP servers π΅οΈ
Prompt Injection + Classic Vulns = A NEW Threat! π€― Our Sec Labs team found ways to weaponize prompt injections to exploit vulnerabilities in real MCP servers. See how an unsuspecting dev gets owned, step-by-step. π§΅
0
0
0
/1 π¨ mega-thread on exploiting MCP servers via prompt injection, buckle up π
5
26
77
We just dropped a deep dive on a series of vulnerabilities the Snyk Security Labs team found in NixOS! When chained together, they allow for a full privilege escalation from any user to root on a default installation. #NixOS #Linux #infosec #vulnerability
1
5
10
Rory at it again, privescing in NixOS! π₯
NixOS is super neat, I managed to find some vulnerabilities resulting in a pretty cool privilege escalation. I wrote about it here: https://t.co/N4S64hMMjL
0
0
1
π¨ New twist in the tj-actions attack: A complex story unfolding β started 3 months earlier than publicly known, slipping in through SpotBugs before spreading across orgs. More details here β¬οΈ https://t.co/u2q1ztpZXB
0
4
21
Latest research I've done on local AI security showcasing vulnerabilities in @jandotai's AI engine π΅οΈ
π¨ Security alert! We found vulnerabilities in Cortex.cpp (Jan AI). While self-hosted #AI is booming, security can't be an afterthought. Dive into our findings and how we addressed them. π
0
0
0
Unveiling the mysteries of ComfyUI Custom Node Vulnerabilities with our latest blog post! π΅οΈββοΈ Dive deeper into plugin ecosystem security with our seclabs team's in-depth exploration. Don't miss it! β‘ #AppSec #AIsecurity #ComfyUI More here:
labs.snyk.io
This research focuses on ComfyUI, a popular stable diffusion platform with over 1,300 custom node extensions available. Through real-world examples, we demonstrate how even seemingly minor vulnerab...
0
2
12
π¨ BREAKING π¨The Snyk research team has uncovered 4 critical security vulnerabilities (#LeakyVessels) impacting core container tech including Docker, runc & related cloud infrastructure like Kubernetes. Get more details, including mitigation tips here π
labs.snyk.io
Snyk Security Labs Team has identified four container breakout vulnerabilities in core container infrastructure components including Docker and runc, which also impacts Kubernetes.
0
31
59
#FetchtheFlag 2022 is a wrap! Had loads of fun creating some of the challenges and running it. Time to do some research π΅οΈ
π Huge thanks to everyone for participating in this year's #FetchtheFlag #CTF! It was a blast π₯ Be on the lookout tomorrow for the solution write-ups. In the meantime, let us know β what were your favorite challenges? What challenges drove you crazy? π
3
1
6
Created a repo that shows how to find the latest #OpenSSL CVE-2022-3602 buffer overflow using libFuzzer. https://t.co/YGjnFi9PWE
github.com
Contribute to supriza/openssl-v3.0.7-cve-fuzzing development by creating an account on GitHub.
0
0
1
Do you have ideas how to find new classes of bugs with fuzzing? Now you can get a reward of over $11K for every detector. Great initiative by @Google's OSS-Fuzz team to foster the work on exploring the potential of #fuzzing beyond memory corruption bugs. https://t.co/JpZg4cJhIV
security.googleblog.com
Posted by Jonathan Metzman, Dongge Liu and Oliver Chang, Google Open Source Security Team Recently, OSS-Fuzz βour community fuzzing servi...
0
22
91
π¨ A malicious actor targeting a still unknown company is using an internal #JS package "gxm-reference-web-auth-server". If your company uses this package, make sure to inform your #AppSec team. More info here. π #npm #JavaScript
https://t.co/hGWO3SQ7LT
snyk.io
Once in a while we encounter a truly malicious package that has a purpose, means, and is production-ready β this is a story about one found in npm: gxm-reference-web-auth-server.
1
11
19
True true
a watched fuzzer never finds crashes
0
0
0
Look mom, we created a CTF π
β³οΈ Start the new year right with some fun #CTF practice! That's right β our #SnykCon 2021 CTF challenges are now available online so you can prepare for the next CTF (#FetchTheFlag). π€ Register below and have fun! π: https://t.co/dz2YMSysxI
0
0
1
"1-Click to Infiltrate your Organization via Vulnerable VS Code Extensions" by @byte89 and Raul Onitza-Klugman is now available on-demand! https://t.co/J75eox3z8R
1
2
3
First meetup ever - check! First sticker on my laptop - check! (@liran_tal was told yours is waiting for you in the desert) Thanks #NegevWebDevelopers and @yanaiEdri for having me.
4
1
7
ΒΏQuΓ© charlas habrΓ‘ este aΓ±o en el Main Track de la #Eko2021?ππ π₯1-CLICK TO INFILTRATE YOUR ORGANIZATION VIA VULNERABLE VS CODE EXTENSIONS by @supriza0 & @byte89 Para leer la descripciΓ³n y comprar tu entrada π https://t.co/G8NXEkYDRA
0
2
5
Things I enjoy lately: 1. Catching up on binary exploit techniques. 2. Changing my son's diaper while he sleeps.
0
0
1
