Jose Selvi (@JoseSelvi)

5.6K posts

Offensive Security & AI/ML enthusiast

Joined January 2010
277 Following · 4.4K Followers
Jose Selvi (@JoseSelvi):
A few weeks ago, I coded an HTTP to MCP bridge, so you can use your favorite HTTP tools to assess the functionality exposed by a remote MCP server. It would be great if you could contribute with your feedback. Thanks! nccgroup.com/us/research-bl…
0 replies · 0 reposts · 2 likes · 228 views
Jose Selvi (@JoseSelvi):
I have seen many articles written on MCP and its security, but I think there is still room for some in-depth analysis and for some security tips resulting from it. Even if you have read other articles, you may still learn a thing or two. Do have a read! nccgroup.com/us/research-bl…
0 replies · 1 repost · 2 likes · 255 views
Jose Selvi reposted
Luke Rogerson (@NullMode_):
Great post from @JoseSelvi on securing MCP (Model Context Protocol) setups for LLMs 👇 nccgroup.com/us/research-bl… It sparked a few thoughts on how we might start building secure-by-default patterns into MCP clients and servers: ❓ Should these run in containers out of the box, with sandboxing guidance baked in? ❓ Could we ship default firewall rules scoped to common tool usage? ❓ Maybe even a prompt injection filter layer between the LLM and MCP server, especially if tools come from untrusted sources? If MCP is going to be a standard for tool-using agents, now's the time to start hardening the foundation, before it becomes widely adopted and harder to retrofit. Anyone already working on this?
0 replies · 1 repost · 1 like · 218 views
Jose Selvi (@JoseSelvi):
Have you ever used PyRIT for AI Security Assessments and Red Teaming? Learn how it works under the hood and maintain control of the process by proxying it! nccgroup.com/us/research-bl…
0 replies · 2 reposts · 4 likes · 382 views
Jose Selvi (@JoseSelvi):
@pwntester @ctbbpodcast @nmatt0 Happy to see that Delorean is still useful 10 years later. Time doesn't matter, or well... it does if you use Delorean 😉
1 reply · 0 reposts · 2 likes · 83 views
Jose Selvi reposted
Critical Thinking - Bug Bounty Podcast:
If you need to spin up a spoofed NTP server, try using Delorean! Features include: ✅ Flag-based config for custom scenarios. ✅ Static, random, or relative time adjustments. ✅ Integrates with ntpdate. (Featured in @nmatt0's bug of 2024) Check it out: loom.ly/vT2lfTk
1 reply · 4 reposts · 31 likes · 2.5K views
Jose Selvi (@JoseSelvi):
Great to see tools like @radareorg and #evilwinrm incorporating AI-powered capabilities. Looking forward to seeing others do the same!
0 replies · 0 reposts · 2 likes · 191 views
Jose Selvi reposted
Óscar Alfonso Díaz (@OscarAkaElvis):
Fresh meat! We've created a new Evil-WinRM branch with integrated multiple AI LLM support. New docker image, new gem (gem install evil-winrm-ai) and new possibilities. Check it out and let us know what you think: github.com/Hackplayers/ev… Happy hacking #evilwinrm #hacking #llm #ai
0 replies · 6 reposts · 21 likes · 1.6K views
Jose Selvi (@JoseSelvi):
Thanks to @NavajaNegra_AB for giving me the opportunity to share my experience with transformers and AI security with such an amazing audience. It was great to spend a few days meeting old friends, and also to make new ones! This is why I love this event. See you next year!
0 replies · 6 reposts · 14 likes · 728 views
Jose Selvi reposted
Johann Rehberger (@wunderwuzzi23):
🔥 Microsoft fixed a high severity data exfiltration exploit chain in Copilot that I reported earlier this year. It was possible for a phishing mail to steal PII via prompt injection, including the contents of entire emails and other documents. The demonstrated exploit chain consists of techniques that didn't even exist 2 years ago. 🔥 In particular, it involves: 1. Prompt Injection 💉 2. Automatic Tool Invocation (without human in loop) to bring PII into chat context ⚙️ 3. ASCII Smuggling 🫣 4. Rendering of benign link + invisible text 👀 5. (Optional) Conditional instructions to only trigger when certain users view the content ☝️ Discussing two demos (stealing sales data and MFA codes), including the videos I had shared with MSRC in February. @simonw @goodside @llm_sec embracethered.com/blog/posts/202…
7 replies · 70 reposts · 268 likes · 73.4K views
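Detecting the "ASCII smuggling" and invisible-text techniques named in the post above, as an added example that is not part of the original thread or of Johann Rehberger's own write-up: a Python scanner that flags and strips Unicode Tag characters and zero-width characters in text before that text is placed in a model's context (for instance, an e-mail body fetched by a tool). The `make_sample` helper and the sample input are constructed for this example; the character ranges used are the Unicode Tag block (U+E0000 to U+E007F, whose low byte maps onto ASCII) and common zero-width format characters.

```python
"""Flag and strip invisible text before it reaches an LLM context.

Added example, not code from the original post. Assumptions: hidden text is
carried either in Unicode Tag characters (U+E0000-U+E007F, each encoding one
ASCII byte) or in zero-width format characters; both render as nothing but
are still read by tokenizers.
"""
import unicodedata

TAG_BASE = 0xE0000
TAG_END = 0xE007F

# Zero-width / format characters commonly used to hide text in plain sight.
INVISIBLE = {
    "\u200b",  # ZERO WIDTH SPACE
    "\u200c",  # ZERO WIDTH NON-JOINER
    "\u200d",  # ZERO WIDTH JOINER
    "\u2060",  # WORD JOINER
    "\u2061", "\u2062", "\u2063", "\u2064",  # invisible math operators
    "\ufeff",  # ZERO WIDTH NO-BREAK SPACE (BOM)
    "\u00ad",  # SOFT HYPHEN
}


def is_tag_char(ch: str) -> bool:
    return TAG_BASE <= ord(ch) <= TAG_END


def decode_tag_payload(text: str) -> str:
    """Recover the ASCII string hidden in Tag characters, in order of appearance."""
    return "".join(chr(ord(ch) - TAG_BASE) for ch in text if is_tag_char(ch))


def scan(text: str) -> dict:
    """Report hidden payload and counts of suspicious characters, plus a verdict."""
    tag_chars = [ch for ch in text if is_tag_char(ch)]
    zero_width = [ch for ch in text if ch in INVISIBLE]
    # Any other Unicode 'Cf' (format) character is flagged too, as a catch-all.
    other_format = [
        ch for ch in text
        if unicodedata.category(ch) == "Cf"
        and ch not in INVISIBLE and not is_tag_char(ch)
    ]
    return {
        "hidden_ascii": decode_tag_payload(text),
        "tag_chars": len(tag_chars),
        "zero_width": len(zero_width),
        "other_format": len(other_format),
        "suspicious": bool(tag_chars or zero_width or other_format),
    }


def sanitize(text: str) -> str:
    """Return only what a human reader would actually see on screen."""
    return "".join(
        ch for ch in text
        if not is_tag_char(ch)
        and ch not in INVISIBLE
        and unicodedata.category(ch) != "Cf"
    )


def make_sample(visible: str, hidden: str) -> str:
    """Constructed test input: visible text followed by Tag-encoded ASCII."""
    return visible + "".join(chr(TAG_BASE + ord(c)) for c in hidden)


# Constructed sample: what the user sees vs. what the model would read.
SAMPLE = make_sample(
    "Please summarize the attached quarterly report.",
    "HIDDEN INSTRUCTION",
)

if __name__ == "__main__":
    print(scan(SAMPLE))
    print(repr(sanitize(SAMPLE)))
```

Run the module directly to see the report for the constructed sample; in a pipeline, call `scan()` on every tool result or document before it is appended to the prompt and either block or `sanitize()` anything marked suspicious. Note that `sanitize()` removes every format-class character, which also drops ZERO WIDTH JOINER sequences that emoji and some Indic scripts legitimately rely on; a production filter would allow-list those contexts rather than strip blindly.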
Jose Selvi reposted
Clint Gibler (@clintgibler):
🤖 TL;DR: Every AI Talk from Hacker Summer Camp 2024. There were >60 AI-related talks at @BSidesLV, @BlackHatEvents, and @defcon this year. I wanted to know what everyone was working on, so I gathered all of the talks in one place, and then summarized their abstracts in 1 (and then 2-3 sentences) and grouped them by category, so you can quickly grok >60 talks in ~15min tldrsec.com/p/tldr-every-a…
6 replies · 47 reposts · 133 likes · 14.4K views
Jose Selvi reposted
Anvil Secure (@anvil_secure):
Our latest blog is now live courtesy of @Kachakil! After an accidental discovery and no small amount of poking around, Daniel wrote up his experience identifying and reporting vulnerabilities in the Homepage dashboard. Check it out here: anvilsecure.com/blog/vulnerabi…
0 replies · 4 reposts · 3 likes · 489 views
Jose Selvi reposted
Tavis Ormandy (@taviso):
This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
245 replies · 3.1K reposts · 15.4K likes · 3.3M views
Jose Selvi reposted
Wiz (@wiz_io):
Wiz Research discovered a vulnerability in @Ollama that let them compromise any exposed Ollama server. 😲 📷 This flaw could allow attackers to gain remote code execution and alter prompt answers to generate misleading information.
1 reply · 6 reposts · 6 likes · 1.5K views
Jose Selvi reposted
Vaibhav Tulsyan (@xennygrimmato_):
Great results on CyberSecEval 2! "Project Naptime", an agent from the Project Zero team at Google, achieves new top scores of 100% on the "Buffer Overflow" tests (from 5%) and 76% on the "Advanced Memory Corruption" tests (from 24%).
1 reply · 4 reposts · 18 likes · 2.2K views
Jose Selvi (@JoseSelvi):
Is refusing to use an LLM the modern equivalent of not wanting to use the spell checker of your favorite text editor? When used properly, it's an amazing tool that nobody should mind using.
0 replies · 0 reposts · 4 likes · 232 views