all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

225 - Prompting for Secrets and Malicious Extensions

Add to bookmarks
Nov. 21, 2023, 1 p.m. | zi

DAY[0] dayzerosec.com

This week has an interesting mix of issues, starting with a pretty standard template inject. Then we get into a Windows desktop issue, a TOCTOU in how the Mark-of-the-Web would be applied to file extracted from an archive, a privilege escalation from a Chrome extension, and a bit of a different spin on what you could do with a prompt injection.

archive bounty-podcast chrome chrome extension desktop escalation extension extensions file inject issue malicious malicious extensions mark podcast privilege privilege escalation secrets spin standard template toctou web week windows

Visit resource

More from dayzerosec.com / DAY[0]

254 - Memory Corruption: Best Tackled with Mitigations or Safe-Languages? 2 weeks, 1 day ago | dayzerosec.com
binary-discussion-podcast cisa corruption languages +8
253 - A Retrospective and Future Look Into DAY[0] 3 weeks, 4 days ago | dayzerosec.com
air change episode future +5
252 - Bypassing KASLR and a FortiGate RCE 2 months, 1 week ago | dayzerosec.com
aslr binary-podcast bypass bypassing +12
251 - RCE’ing Mailspring and a .NET CRLF Injection 2 months, 1 week ago | dayzerosec.com
attack bounty bounty-podcast bypass +9
250 - Future of Exploit Dev 2 months, 2 weeks ago | dayzerosec.com
binary-podcast corruption dev development +12
249 - libXPC to Root and Digital Lockpicking 2 months, 2 weeks ago | dayzerosec.com
android bounty-podcast bypass check +11
248 - Binary Ninja Free and K-LEAK 2 months, 3 weeks ago | dayzerosec.com
automated binary binary ninja binary-podcast +10
247 - Hacking Google AI and SAML 2 months, 3 weeks ago | dayzerosec.com
auth bounty-podcast bypass google +7
246 - Rust Memory Corruption??? 3 months ago | dayzerosec.com
access binary-podcast code corruption +9

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com