Hearmen

ChatGPT vs DeepSeek R1 Same prompts. Wildly different results. I’ve included videos to prove it: THREAD ↓

@learnprompting hi,I think it is a novel attack, but I wonder how does it work ?

📙Introducing The Context Overflow Attack...  In this attack, a user appends thousands of characters of text to a prompt to leave only a few tokens available for generation. Verbose models like ChatGPT will then only be able to produce the malicious tokens.

A few months ago, we ran HackAPrompt, the first-ever global Prompt Hacking competition! Over 3K hackers submitted 600K malicious prompts to win $35K in prizes from companies like @PreambleAI, @OpenAI, & @huggingface We analyzed 29 different techniques & found a NEW exploit👇🧵

@ShieldifySec 1. "safeTransferFrom" result do not checked 2. "minted" and "deposited" plus with the same rate，without considering division will lost accuracy. witch will lead the "sharesToMint" Getting smaller and smaller

Wait, what is it? Another Code Quiz! Here's a very simple deposit function with quite a simple bug to get you into attacker mindset before diving into audits for today. Can you spot it?

I think maybe I missed a marvelous vulnerability😭😭😭 mp.weixin.qq.com/s/Bklnu0RhF8bn…

Be careful when you use `keccak256(msg.data)`. It can contain dirty higher order bits which could lead to malleability attacks. From the Solidity docs 👇

Here's an architecture diagram created for @zetachain's $150K C4 audit. Scroll down for other resources from the pre-audit competition that might help you in your efforts👇

@eternalsakura13 how about codeql

I would like to learn about some well-known static analysis tools. Do you have any recommendations? (whether open source or closed source) Thanks :)

@llm_sec Great job! ust a quick suggestion, would it be possible to include a timestamp for each entry to make it easier for us to read?

Site update: llmsecurity.net now has links to most of the papers & posts this account has posted, categorised into aspects of LLM security. The intent is to keep this up to date. Happy reading! (i'll buy a coffee for the first correct explanation of the banner)

Today, we are releasing RPC Investigator, made for exploring RPC clients and servers on Windows. This .NET application builds on the NtApiDotNet platform, adding features that offer a new way to explore RPC blog.trailofbits.com/2023/01/17/rpc…

@anning32658481 @wangzhian8848 ???????

看电视。

@eternalsakura13 这都是什么奇怪的模块了

Chrome CVE + 2 :)

Opening some of my v8 / chromium “CTF” exploits :), Google CTF - gist.github.com/hkraw/78b86951… Cor CTF - gist.github.com/hkraw/b665b1be… UIU CTF - gist.github.com/hkraw/32a996a3… 0CTF 2020 with CFI - gist.github.com/hkraw/455545fb… RedPwn - gist.github.com/hkraw/07fea48a…

@hi_ztz 吸溜

本次在 KCon 上发表的 DNS 顶级域劫持的相关研究 #xnrVZMZ4sKLEt_uOH4AjEHplNfRinnZHGWB31lfp1WY" target="_blank" rel="nofollow noopener">mega.nz/file/h00RXQRQ#…

@yuange75 yuange, how about your 社保

时间飞逝，转眼就陪伴一起走过近2000天，又到了要说再见的时候了。 一个月后，挥挥手说声江湖再见，一切就将成为回忆。

@FlowerCode_ 川神好厉害

More formatting bugs?😅

Got It, Thanks HITB @HITBSecConf #HITB2021AMS

🐒

@CurseRed Browser initiated navigation will trigger `before unload` before network and trigger `unload` after new page is committed. 🧐

By setting window.location in 𝚋𝚎𝚏𝚘𝚛𝚎𝚞𝚗𝚕𝚘𝚊𝚍 event, you can redirect to another URL when a user is trying to leave your website. This works on Chrome and Firefox🤔 Existing links about this bug: - Monorail bit.ly/3mbiVYz - Bugzilla mzl.la/3fK1BbZ

@Ox9A82 去哪里了呀