Anthony Weems (@amlweems) / X

Anthony Weems

178 posts

Anthony Weems

@amlweems

Cloud Vulnerability Research • The opinions stated here are my own, not those of my company.

Joined April 2008

Pinned
Anthony Weems
@amlweems
Oct 4, 2024
Learn how Google CVR could have potentially exfiltrated Gemini 1.0 Pro before launch last year. We describe the vulnz, the fix, and tips for bughunters. Also, shout-out to @epereiralopez for teaming up to adapt this work to another cloud provider.
Google Cloud Security
@GoogleCloudSec
Oct 4, 2024
Today our Cloud Vulnerability Research (CVR) team shared this research into LLM security, which is broadly applicable to AI domain security practitioners working in this rapidly evolving space. Learn more: bit.ly/3TWYrF3
bughunters.google.com
Blog: Protecting Large Language Models
This blog post describes Google's approach to vulnerability research on our Cloud AI Platform, Vertex AI. We're sharing this so that external researchers can learn from our work and to help them...
37K
Anthony Weems
@amlweems
Apr 1, 2024
I've been reverse engineering the xz backdoor this weekend and have documented the payload format and written a proof-of-concept exploit for the RCE. The payloads are signed with an ED448 key, so I patched my own key into the backdoor for testing. :-) github.com/amlweems/xzbot
633K
Anthony Weems
@amlweems
Aug 19, 2021
Just finished Portswigger's new Burp Suite Certification. I've always been a huge fan of the @WebSecAcademy and this is an excellent capstone on the labs. Thanks @PortSwigger for all the educational content! #burpsuitecertified
Anthony Weems
@amlweems
Apr 16, 2020
Replying to @WebSecAcademy
Thanks for this round of labs! The last two are definitely the most challenging. For anyone stuck, I *highly* recommend this blog post from @_atorralba: ackcent.com/blog/in-depth-…. Although the conditions are different, it's an excellent walkthrough of the process.
In-depth Freemarker Template Injection - Ackcent
From ackcent.com
Anthony Weems
@amlweems
Feb 1, 2022
I'm really excited for this video! I got a chance to collab with @LiveOverflow and share the process for discovering the localhost bypass for CVE-2021-45046 with code review and differential fuzzing. :)
LiveOverflow 🔴
@LiveOverflow
Feb 1, 2022
After the log4shell vulnerability was patched with version 2.15, another CVE was assigned. Let's have a closer look at the localhost JNDI connections bypass and learn about fuzzing Java applications. youtube.com/watch?v=kvREvO…
Anthony Weems
@amlweems
Mar 9, 2021
My team @praetorianlabs just published our work in reverse engineering the Proxylogon patches for CVE-2021-26857, CVE-2021-26855, and CVE-2021-27065. I learned a lot more about Exchange than I thought I'd ever need, but had a blast.
Reproducing the Microsoft Exchange Proxylogon Exploit Chain
From praetorian.com
Anthony Weems
@amlweems
Mar 19, 2021
Replying to @albinowax and @webtonull
A few years ago I accidentally found a vuln like this while using Turbo Intruder for password guessing. Was getting inconsistent results (e.g. valid session for a user with an invalid password). Thought I'd found a bug in Turbo Intruder, but it was a race condition in my target.
Anthony Weems
@amlweems
Apr 3, 2024
Replying to @julianor
It turns out there is an option to sign the full command, I've updated the repo to clarify.
630
Anthony Weems
@amlweems
Apr 2, 2024
Replying to @solardiz
This is an excellent point, I had only been considering the simple case where the values were e.g. 2*1+0, but it makes more sense that they'd be large ints to look less suspicious. I'll update the .patch later today.
2.9K
Anthony Weems
@amlweems
Apr 2, 2024
Replying to @julianor and @CodeAsm_
I've tested and signature replay works as expected, allowing modification of the command (except the first 5 chars). But I agree it is unrealistic until we actually capture a real signature (which may never happen).
114
Anthony Weems
@amlweems
Aug 5, 2020
Awesome new work from @albinowax on cache poisoning. Cache Key Injection especially feels like it should have some interesting variants. portswigger.net/research/web-c…
Anthony Weems
@amlweems
Jul 26, 2023
Replying to @0xdabbad00
Nice catch, the Zenbleed advisory should be back up as GCP-2023-020 now.
376
Anthony Weems
@amlweems
Mar 16, 2018
This is one of the most exciting projects I got to work on last year. 🙂
Praetorian
@praetorianlabs
Mar 16, 2018
Helping @wpengine #Secure Its Next Generation Architecture and #Kubernetes Implementation. #Security #InfoSec #AppSec #containerization youtu.be/Hd3okZQ9z-M via @praetorianlabs
Anthony Weems
@amlweems
Mar 24, 2021
Thanks for the seamless contribution process! Cheers to @BouncyHat and @dallasl1200 😄
Maddie Stone
@maddiestone
Mar 24, 2021
Thanks to @amlweems, Michael Weber, and Dallas Kaman for performing an analysis on CVE-2021-26855, the Microsoft Exchange SSRF vuln! googleprojectzero.github.io/0days-in-the-w…