Florian Grunow – Insinuator.net

September 2, 2025 by Florian Port

Vulnerability Disclosure: Stealing Emails via Prompt Injections

With the rise of AI assistance features in an increasing number of products, we have begun to focus some of our research efforts on refining our internal detection and testing guidelines for LLMs by taking a brief look at the new AI integrations we discover.

Alongside the rise of applications with LLM integrations, an increasing number of customers come to ERNW to specifically assess AI applications. Our colleagues Florian Grunow and Hannes Mohr analyzed the novel attack vectors that emerged and presented the results at TROOPERS24 already.

In this blog post, written by my colleague Malte Heinzelmann and me, Florian Port, we will examine multiple interesting exploit chains that we identified in an exemplary application, highlighting the risks resulting from the combination of sensitive data exposure and excessive agency. The target application is an AI email client, which adds a ChatGPT-like assistant to your Google Mail account.

Ultimately, we discovered a prompt injection payload that can be concealed within HTML emails, which is still interpreted by the model even if the user does not directly interact with the malicious email.

Continue reading “Vulnerability Disclosure: Stealing Emails via Prompt Injections”

Misc

September 9, 2024 by Florian Grunow

Announcement: Progress / Kemp LoadMaster CVE-2024-7591

Hey everybody,

during a recent Red Teaming engagement Marius Walter from ERNW found a command injection issue in Progress (Kemp) LoadMaster. It was registered as CVE-2024-7591 and scores a CVSS of 10.0.

The vendor already has patches out, make sure to apply them as this is a high severe issue. You can find the official announcement and the patch references on the official support page.

Marius will follow up with a technical blog post on this issue once we think everybody had a realistic chance of applying the patches.

Misc

February 6, 2024 by Florian Grunow

Considerations on AI-Security – Part I: Introduction and Nondeterminism

Hey there!

This is the first blog post in a series about issues we think are currently relevant in the field of AI-Security. The intention is not to get full coverage of the topic, but to point out things that seem practical and relevant. We will base some of our statements on lab setups and real-life examples. The technology that we will focus on is chat bots based on generative AI, mainly OpenAI’s ChatGPT. Right now, this specific application of AI in the wild seems to be the best way to demonstrate issues and pitfalls when it comes to IT security.

Continue reading “Considerations on AI-Security – Part I: Introduction and Nondeterminism”

Building

October 20, 2023 by Florian Grunow

Student Project – Audit Framework

Introduction

In 2021, ERNW collaborated with Hochschule Mannheim for their CEP (Cyber Security Entwicklungsprojekt) to build an auditing framework for testing operating system configurations against security procedures. This project is part of the education program of the university to give the students the chance to utilize the knowledge gained throughout the first semesters in a real world project. ERNW posed as the fictitious customer, providing a requirements document and regular meetings with all project groups for feedback. We planned to process and adapt the results for an open source auditing framework. Unfortunately, we were not able to finish this project yet, but we think the students should get some attention for their work independent from our side. So here is a short summary of what the students created and the corresponding repositories.
Continue reading “Student Project – Audit Framework”

Misc

December 16, 2022 by Florian Grunow

Hilarious Buffer Overflow Mitigation and TCL Injection in CheckPoint Gaia Portal

Hey there,

I am going to disclose two bug classes I found a while ago in CheckPoint R77.30: Two buffer overflows in the username (no shit) and HTTP method of a request to the administrative UI pre-auth and some interesting injections into the TCL web interface.

Continue reading “Hilarious Buffer Overflow Mitigation and TCL Injection in CheckPoint Gaia Portal”

Breaking

November 23, 2018 by Florian Grunow

Plume Twitter Client URL Spoofing

It is possible to spoof the URLs that Plume will open to arbitrary locations because of how Plume parses URLs. The preview of an URL in a tweet will show the complete (at least the host name and the first few chars of the URL) but shortened URL. However, if the URL contains a semicolon (;) the URL that will be opened is the part after the semicolon. Continue reading “Plume Twitter Client URL Spoofing”

Breaking

May 16, 2018 by Florian Grunow

Security of Busch-Jaeger IP Gateway

IoT is everywhere right now and there are a lot of products out there. I have been looking at an IP Gateway lately and found some serious issues. The Busch-Welcome IP-Gateway from Busch-Jaeger is one of the devices that bridges the gap between sensors and actors in your smart home and the network/Internet. It enables the communication to a door control system that implements various smart home functions. The device itself is offering an HTTP service to configure it, which is protected by a username and password. Some folks even actually expose the device and its login to the Internet. I tried to configure one of these lately and stumbled upon some security issues that I would like to discuss in this blog post.
Continue reading “Security of Busch-Jaeger IP Gateway”

Breaking

March 15, 2018 by Florian Grunow

Squirrelmail Full Disclosure – TROOPERS18

Birk an me basically fully disclosed a 0day in Squirrelmail yesterday. This is a short Q&A to answer the most common questions about the issue to calm you all down a little bit. 😉

Continue reading “Squirrelmail Full Disclosure – TROOPERS18”

Events

September 28, 2017 by Florian Grunow

HITCON CMT 2017

Some of our Troopers had the chance to visit HITCON conference in Taiwan this year. There are two main events: HITCON Pacific, which is aimed more at corporate attendees and HITCON CMT, the community edition, which aims at students and the general Infosec community. HITCON is the biggest security conference in Taiwan.

Continue reading “HITCON CMT 2017”

Misc

December 28, 2016 by Florian Grunow

Woolim – Lifting the Fog on DPRK’s Latest Tablet PC

Niklaus, Manuel and me had a great time speaking about one of the latest Tablet PCs from DPRK at 33C3 this year. Our work on RedStar OS from last year revealed a nasty watermarking mechanism that can be used to track the origin and distribution path of media files in North Korea. We have seen some interesting dead code in some of RedStar’s binaries that indicated a more sophisticated mechanism to control the distribution of media files. We got hands on a Tablet PC called “Ul-lim” that implemented this advanced control mechanism.

Continue reading “Woolim – Lifting the Fog on DPRK’s Latest Tablet PC”