all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

225 - Prompting for Secrets and Malicious Extensions

Add to bookmarks
Nov. 21, 2023, 1 p.m. | zi

DAY[0] dayzerosec.com

This week has an interesting mix of issues, starting with a pretty standard template inject. Then we get into a Windows desktop issue, a TOCTOU in how the Mark-of-the-Web would be applied to file extracted from an archive, a privilege escalation from a Chrome extension, and a bit of a different spin on what you could do with a prompt injection.

archive bounty-podcast chrome chrome extension desktop escalation extension extensions file inject issue malicious malicious extensions mark podcast privilege privilege escalation secrets spin standard template toctou web week windows

Visit resource

More from dayzerosec.com / DAY[0]

252 - Bypassing KASLR and a FortiGate RCE 1 month, 1 week ago | dayzerosec.com
aslr binary-podcast bypass bypassing +12
251 - RCE’ing Mailspring and a .NET CRLF Injection 1 month, 1 week ago | dayzerosec.com
attack bounty bounty-podcast bypass +9
250 - Future of Exploit Dev 1 month, 2 weeks ago | dayzerosec.com
binary-podcast corruption dev development +12
249 - libXPC to Root and Digital Lockpicking 1 month, 2 weeks ago | dayzerosec.com
android bounty-podcast bypass check +11
248 - Binary Ninja Free and K-LEAK 1 month, 3 weeks ago | dayzerosec.com
automated binary binary ninja binary-podcast +10
247 - Hacking Google AI and SAML 1 month, 3 weeks ago | dayzerosec.com
auth bounty-podcast bypass google +7
246 - Rust Memory Corruption??? 2 months ago | dayzerosec.com
access binary-podcast code corruption +9
245 - A PHP and Joomla Bug and some DOM Clobbering 2 months ago | dayzerosec.com
api bounty-podcast bug cache +15
244 - Linux Burns Down CVEs 2 months, 1 week ago | dayzerosec.com
binary-podcast cves down fuzzing +3

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Senior Software Engineer, Security

@ Niantic | Zürich, Switzerland
View on infosec-jobs.com

Consultant expert en sécurité des systèmes industriels (H/F)

@ Devoteam | Levallois-Perret, France
View on infosec-jobs.com

Cybersecurity Analyst

@ Bally's | Providence, Rhode Island, United States
View on infosec-jobs.com

Digital Trust Cyber Defense Executive

@ KPMG India | Gurgaon, Haryana, India
View on infosec-jobs.com

Program Manager - Cybersecurity Assessment Services

@ TestPros | Remote (and DMV), DC
View on infosec-jobs.com
View more jobs