@kennwhite I was in the room at that session. It was quite interesting. It was just a few hours ago. Are you there too?
Elias Mårtenson (loke@functional.cafe)'s status on Sunday, 21-Apr-2024 01:09:39 UTC
Kenn White (kennwhite@mastodon.social)'s status on Sunday, 21-Apr-2024 01:09:41 UTC
Incredible research at BlackHat Asia today by Tong Liu and team from the Institute of Information Engineering, Chinese Academy of Sciences (verified email at iie.ac.cn)
A dozen+ RCEs on popular LLM framework libraries like LangChain and LlamaIndex - used in lots of chat-assisted apps including GitHub. These guys got a reverse shell in two prompts, and even managed to exploit SetUID for full root on the underlying VM!