Zenity Labs

Research, tools and talks about building and breaking copilots and no-code apps

Connect

Archive

TalksTalks

+2+2

A Summary of Zenity Research Published at BlackHat 2024

New Attack Vectors Discovered for Initial Access and Post-Compromise

Michael Bargury

Michael Bargury

TalksTalks

+1+1

Copilot Vulnerable to RCE: A New Attack Vector Into The Enterprise

We Need To Address Promptware Now

Michael Bargury

Michael Bargury

Security researchSecurity research

Phantom References in Microsoft Copilot

Tamir Ishay Sharbat

Gal Malka

Tamir Ishay Sharbat, +1

TalksTalks

+2+2

Links and materials for Living off Microsoft Copilot

Links, source code, tools and slides for BlackHat USA 2024

Michael Bargury

Michael Bargury

Security researchSecurity research

Indirect Prompt Injection: Advanced Manipulation Techniques

Tamir Ishay Sharbat

Tamir Ishay Sharbat

TalksTalks

+2+2

Links and materials for 15 Ways to Break Your Copilot

Links, source code, tools and slides for BlackHat USA 2024

Michael Bargury

Michael Bargury

Indirect Prompt Injection: From Initial Success to Robustness

Tamir Ishay Sharbat

Tamir Ishay Sharbat

TalksTalks

+2+2

Research Drop for Hacker Summer Camp 2024

More information on hacking Microsoft Copilot, Copilot Studio, powerpwn, and what to do next

Michael Bargury

Michael Bargury

Security researchSecurity research

RAG Poisoning: All You Need is One Document

Tamir Ishay Sharbat

Tamir Ishay Sharbat

Security researchSecurity research

+2+2

Phishing is Dead, Long Live Spear Phishing

Lana Salameh

Security researchSecurity research

How Copilot Reads Your Emails and Teams Messages

Tamir Ishay Sharbat

Tamir Ishay Sharbat

Security researchSecurity research

A Look Inside Microsoft Copilot’s RAG System

Tamir Ishay Sharbat

Tamir Ishay Sharbat