Breaking AI,
hypervisors &
the things you trust.
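This is the offensive security research space of Jihwan Yoon (blackcon). It digs into AI/LLM infrastructure and the virtualization stack, and documents exploit development, reverse engineering, and vulnerability analysis. See the latest research below.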
Featured research
Curated vulnerability research and published materials.
Three independent ways to bypass Claude Code's trust prompt for silent shell execution from a cloned repo — and why Anthropic closed all three as i...
2026.05.12 Research · AI-Security
Jinja2 SSTI vulnerability found in LiteLLM: Pwn2Own 2026 entry attempt and silent fix analysis
A single unauthenticated request reached uid=0 on the LiteLLM proxy via Jinja2 SSTI — a critical RCE silently patched days before a planned Pwn2Own...
2026.05.03 Research · MCP
MCP security vulnerability: Advanced-Tool-Poison-Attack
Advanced Tool Poisoning hides malicious instructions in MCP tool outputs rather than descriptions, defeating defenses that only inspect tool metadata.
2025.04.10 Research · MCP
MCP security vulnerability: Tool-Poison-Attack
How Tool Poisoning hides malicious instructions inside MCP tool descriptions to manipulate the LLM that consumes them.
2025.04.10 Research · Hyper-v
HVFUZZ
A Hyper-V hypercall fuzzer built on hAFL2 for hunting bugs in the Microsoft virtualization stack.
2022.03.29