Followup links for All You Need Is Guest RSAC 2024

less than 1 minute read

Assorted links for All You Need Is Guest @ RSAC 2024:

Power Platform DLP Bypass via Copy & Paste
OWASP No-Code / Low-Code Top 10
powerpwn
Microsoft docs on EntraID multitenant sharing options

Other talks (slides and source code)

All You Need is Guest @ BlackHat USA 2023
Sure, Let Business Users Build Their Own. What Could Go Wrong? @ BlackHAt USA 2023
Low Code High Risk: Enterprise Domination via Low Code Abuse @ DEFCON30
No-Code Malware: Windows 11 At Your Service @ DEFCON30

Share on

X Facebook LinkedIn Bluesky

How Should AI Ask for Our Input?

2 minute read

Enterprise systems provide a terrible user experience. That’s common knowledge. Check out one of the flash keynotes about the latest flagship AI product by ...

Pwn the Enterprise - thank you AI! Slides, Demos and Techniques

6 minute read

We’re getting asks for more info about the 0click AI exploits we dropped this week at DEFCON / BHUSA. We gave a talk at BlackHat, but it’ll take time bef...

Someone Is Cleaning Up Evidence

1 minute read

AWS security blog confirms the attacker gained access to a write token and abused it to inject the malicious prompt. This confirms our earlier findings.

Reconstructing a timeline for Amazon Q prompt infection

4 minute read

In the 404media article the hacker explains how they did it:

Michael Bargury