theMiddle

@meninthemiddle

Rev3rse Security, SicuraNext

185 Followers, 107 Following, 5 Posts, Joined 23.11.2024

Latest posts by theMiddle @meninthemiddle

Influencing LLM Output using logprobs and Token Distribution
What if you could influence an LLM's output not by breaking its rules, but by bending its probabilities? In this deep-dive, we explore how small changes in user input (down to a single token) can shif...

What if you could influence an LLM's output not by breaking its rules, but by bending its probabilities?

Using logprobs and token distribution visualizations, we reveal how prompts can be carefully crafted to guide the model’s behavior.

blog.sicuranext.com/influencing-...

12.06.2025 14:10 👍 1 🔁 0 💬 0 📌 0

Ciao! If you enjoyed our latest research on the SicuraNext blog, you can vote for it in the Top 10 Web Hacking Techniques!
portswigger.net/polls/top-10-w…

- Breaking Down Multipart Parsers: File upload validation bypass
- Response Filter Denial of Service (RFDoS)

❤️

17.01.2025 17:57 👍 2 🔁 0 💬 0 📌 0

Response Filter Denial of Service (RFDoS): shut down a website by triggering WAF rule
TL;DR: Basically, if a target website is protected by a WAF using the OWASP Core Rule Set or Comodo Rule Set or Atomicorp Rule Set, you can send the string ORA-1234 or OracleDrive or ASL-CONFIG-FILE i...

πŸ‘‹πŸ» Bluesky! I'm going to repost here my research about RFDoS "Response Filter Denial of Service: shut down a website by triggering WAF rules" blog.sicuranext.com/response-fil...

12.12.2024 00:20 👍 1 🔁 0 💬 0 📌 0

cool, tell me more!

27.11.2024 09:40 👍 0 🔁 0 💬 1 📌 0

Breaking Down Multipart Parsers: File upload validation bypass
TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass va...

My last research about how to break multipart/form-data parsers on HTTP file upload blog.sicuranext.com/breaking-dow...

23.11.2024 23:13 👍 6 🔁 0 💬 0 📌 0