SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC
Update: 2025-04-29
Description
SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics
Mark Baggett released SRUM-DUMP Version 3. The tool simplifies data extraction from Widnows System Resource Usage Monitor (SRUM). This database logs how much resources software used for 30 days, and is invaluable to find out what software was executed when and if it sent or received network data.
https://isc.sans.edu/diary/SRUM-DUMP%20Version%203%3A%20Uncovering%20Malware%20Activity%20in%20Forensics/31896
Novel Universal Bypass For All Major LLMS
Hidden Layer discovered a new prompt injection technique that bypasses security constraints in large language models.
The technique uses an XML formatted prequel for a prompt, which appears to the LLM as a policy file. This Policy Puppetry can be used to rewrite some of the security policies configured for LLMs. Unlike other techniques, this technique works across multiple LLMs without changing the policy.
https://hiddenlayer.com/innovation-hub/novel-universal-bypass-for-all-major-llms/
CHOICEJACKING: Compromising Mobile Devices through Malicious Chargers like a Decade ago
The old Juice Jacking is back, at least if you do not run the latest version of Android or iOS. This issue may allow a malicious USB device, particularly a USB charger, to take control of a device connected to it.
https://pure.tugraz.at/ws/portalfiles/portal/89650227/Final_Paper_Usenix.pdf
SANS @RSA: https://www.sans.org/mlp/rsac/
Comments
In Channel
Download from Google Play
Download from App Store
United States00:00
00:00
1.0x
