Rory McNamara

Sep 9, 2024 | snyk.io | Rory McNamara

IntroductionWith the recent release of Ubuntu 24.04, we at Snyk Security Labs thought it would be interesting to examine the latest version of this Linux distribution to see if we could find any interesting privilege escalation vulnerabilities.

Aug 28, 2024 | snyk.io | Elliot Ward |Rory McNamara |Mateo Rojas-Carulla |Sam S. Watts |Eric Allen |Eric Van Allen

Written by: August 28, 2024 0 mins readOver the last 18 months, you’ve probably heard about Large Language Models (LLMs) like OpenAI’s GPT and Google’s Gemini. Whether you’re using them as a personal research assistant, an editor, or a data analyst, these tools represent a new frontier of Machine Learning (ML) and Artificial Intelligence (AI) and arguably will have the most significant impact of any technology in this decade.

Jun 20, 2024 | snyk.io | Elliot Ward |Rory McNamara

After our recent successes exploring WebSocket Hijacking vulnerabilities, we decided to expand this research project into other attacks that involve WebSockets. We started by looking at WebSocket smuggling attacks and expanded our scope to include HTTP response header injection attacks and potential novel impacts. This post outlines what we believe to be novel attacks against HTTP application middleware based on the simple foundation of HTTP response header injection.

Feb 5, 2024 | packetstormsecurity.com | Rory McNamara |Fernando Mengali

## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::Linux::Priv include Msf::Post::Linux::System include Msf::Post::File include Msf::Exploit::EXE include Msf::Exploit::FileDropper prepend Msf::Exploit::Remote::AutoCheck def initialize(info = {}) super( update_info( info, 'Name' => 'runc (docker) File Descriptor Leak...