Stefano Zanero

@[email protected]
1.6K Followers
351 Following
2.9K Posts
Tinkerer, security geek, recovering entrepreneur, full professor at www.polimi.it, frequent flyer, private pilot, and generic pundit.
This account used to just repost content from my Twitter account, but I am now moving to posting here, because *gestures wildly at Twitter tire fire*
Instagram (aviation)https://www.instagram.com/raistolo
Show threadStefano ZaneroOct 9, 2024
@luigirenna @pixouls awwwwwww
Stefano ZaneroAug 11, 2024

It might be the first time I see @tprophet at a loss for words. He just got surprised with an Uber contributor award by @defcon / @thedarktangent

I cannot think of anyone more deserving of an award for a lifetime of contribution to this strange hacker family that meets yearly!

Stefano ZaneroJul 31, 2024
James KettleJul 31, 2024
Have you ever been tempted to dive down the security research rabbit-hole? I'll be sharing insights on how to navigate the rewards and hazards with legendary researchers Natalie Silvanovich and @raistlin in a community panel session at Black Hat USA next week!
Show threadStefano ZaneroJun 19, 2024
@informapirata @privacypride vero! Ma quando mi taggate arrivo ☺️
Show threadStefano ZaneroMay 1, 2024
@SteveBellovin congratulations, you have been an inspiration and I learned much from your work. To reflect on the impact you had on our field is humbling, I think, for any (relatively) younger academic!
Stefano ZaneroMay 1, 2024
Steve BellovinApr 30, 2024
I gave a retirement/farewell talk today. Video at https://www.cs.columbia.edu/~smb/talks/farewell.mp4; slides at https://www.cs.columbia.edu/~smb/talks/farewell.pdf.
Stefano ZaneroApr 18, 2024
Show threadKenn WhiteApr 18, 2024
Liu et al's preprint: https://arxiv.org/pdf/2309.02926.pdf
BlackHat abstract: https://www.blackhat.com/asia-24/briefings/schedule/index.html#llmshell-discovering-and-exploiting-rce-vulnerabilities-in-real-world-llm-integrated-frameworks-and-apps-37215
Stefano ZaneroApr 18, 2024
Kenn WhiteApr 18, 2024

Incredible research at BlackHat Asia today by Tong Liu and team from the Institute of Information Engineering, Chinese Academy of Sciences (在iie.ac.cn 的电子邮件经过验证)

A dozen+ RCEs on popular LLM framework libraries like LangChain and LlamaIndex - used in lots of chat-assisted apps including GitHub. These guys got a reverse shell in two prompts, and even managed to exploit SetUID for full root on the underlying VM!

Stefano ZaneroApr 10, 2024
@pirati @informapirata @mariosiniscalchi nope!
Show threadStefano ZaneroApr 9, 2024
@paoloredaelli adesso, sono un po’ ingrassato, ma “calibro”…