Author name: Martin

Data exfiltration from a large language model (LLM) can be performed using markdown formatting and link printing by embedding sensitive information within URLs, with chat history appended as query parameters. For instance, an attacker could craft a markdown link that appears harmless but actually encodes extracted data within the URL, directing it to an external server under their control. When the user clicks the link, the browser sends the query parameters—containing sensitive chat history or model outputs—to the attacker’s server, effectively leaking data without raising suspicion. This method leverages the fact that markdown allows hyperlinking without alerting the user to the true nature of the destination, making it a stealthy exfiltration vector.

In this video we take a look at solving the promptairlines.com challenge (Flag 5)

In this video we take a look at solving the promptairlines.com challenge (Flag 4)

In this video we take a look at solving the promptairlines.com challenge (Flag 3)

In this video we take a look at solving the promptairlines.com challenge (Flag 1 and 2)

In this video we will take a look at various prompt injection issues in Grok X AI

In this video we will take a look at flag 3 of myllmbank.com

In this video we will take a look at flag 2 of myllmbank.com

In this video we will take a look at flag 1 of myllmbank.com

This is a walkthrough of the SecOps Group AI/ML Pentester Mock Exam 2