The AI Agent Security - Multi-Step Tool Attacks simulation is now live! In partnership with @OpenAI, @Google and @IEEEorg, your challenge is to build an attack algorithm that stress-tests tool-using AI agents in a deterministic offline benchmark.

This reverse engineering work led its way to a fix in Chrome (subsequently Electron), with credit given back to me! Very cool to see, and happy to help the macOS ecosystem. I hope macOS fixes this huge issue soon. chromium-review.googlesource…

when building ai products, the key is having some reliable signal about what is working and what is not. whether that signal comes from evals, user feedback, your own taste, performance metrics, or just gut feel does not really matter as long as it is giving you actionable information about where to focus your efforts. the mistake is either having no signal at all (just building blindly) or getting caught up in the methodology of the signal rather than its utility. a formal eval that tells you nothing useful is worse than informal feedback that clearly points to real problems

A fix from Google was released today. Part of the issue was due to my misunderstanding based on previous reports. Big thanks to chromium team for the quick resolve I hope everyone had some fun, and apologies to the triagers on HackerOne XD

Imagine not having had any food to give your kids for 10 days.

Today I used a technique that’s probably not widely known in the community. In what cases could code like this lead to a vulnerability? ->

We did it! We tested 300 Bay Area foods for plastic chemicals. We found some interesting surprises. Top 5 findings in our test results: 1. Our tests found plastic chemicals in 86% of all foods, with phthalates in 73% of the tested products and bisphenols in 22%. It's everywhere. 2. We detected phthalates in most baby foods and prenatal vitamins. 3. Hot foods which spend 45 minutes in takeout containers have 34% higher levels of plastic chemicals than the same dishes tested directly from the restaurant. 4. The 1950s Army rations we tested contained surprisingly high levels of plastic chemicals. 5. Almost every single one of the foods we tested are within both US FDA and EU EFSA regulations. Check out our full results below.

in a couple weeks, i built a nuclear fusor in my bedroom – with zero hardware experience the secret? Claude sonnet 3.5 projects a glimpse into the process below

Pass-the-{token} attacks are still very much relevant. Tokens may change: Cookie, NT Hash, Kerberos ticket, MFA token, ... However, the problem is not in the "token" but in the "pass". We need a solutions to make tokens stay put, such as device and channel binding.

My latest blog about my discovery for Evernote Client All-platform RCE via PDF.js font-injection to preload.js exposed ipcRenderer-BrokerBridge-boron.actions bypassing Electron's nodeIntegration | context-isolation; Enjoy reading! 0reg.dev/blog/evernote-rce

I love crossover bugs that go between web/mobile/native because there's so much strange interactions that occur and a lot can go wrong - this research was another result of this! spaceraccoon.dev/universal-c…

happy to release my new article entitled: Next.js and cache poisoning: a quest for the black hole zhero-web-sec.github.io/rese… good reading;

Bouncy castles on one side, starvation and death on the other.

I threw together a quick blog post explaining the recent attack on AirDrop privacy, and how Chinese law enforcement is exploiting it. blog.cryptographyengineering…

Recently published a blog post on how I usually exploited client-side path traversals (and how that exploitation technique is somewhat mitigated now). Client-side path traversal is not novel, but sharing some insights from the last years: kapytein.nl/from-an-innocent…

Citrixbleed: On Oct 10th, Citrix announced a security advisory for CVE-2023-4966, a sensitive information disclosure bug marked as CVSS 9.4 affecting Netscaler Gateway. The security research team at @assetnote was able to reproduce the vulnerability. Blog post here: assetnote.io/resources/resea… or you can find the exploit here: github.com/assetnote/exploit…

Enjoyed Lisbon 🇵🇹! Thanks for the very well organized event, @intigriti. Congrats to the award winners @karel_origin, @arneswinnen, @MattiBijnens, @erbbysam, @p4fg, and all participants for the great results! #1337UP1023

Completely missed the Android 14 preview/beta releases, but looks like the 'safer dynamic code loading' feature will kill some RCE scenarios on Android applications which leverage an arbitrary file write via e.g. an unsafe unzip. developer.android.com/about/…

Check out my latest research, Prototype Pollution but in Python this time blog.abdulrah33m.com/prototy…