RewriteLab @RewriteLab

@PallavTrip9276 Thank you for your interest in our research I do not believe permission segmentation and HITL can prevent prompt injection attacks themselves. However, they are necessary risk management strategies for limiting the impact when a prompt injection attack occurs

We published a new research article on prompt injection in modern agentic systems This write-up covers: - direct and indirect prompt injection - multi-turn attack methodology - tool-calling and MCP-related abuse cases - case studies including WhatsApp MCP, GitHub MCP, and OpenClaw mitigation strategies such as permission segmentation, - sandboxing, PTC, and HITL Our goal was to provide a structured overview of how these attacks work and how they can be addressed in practice Full write-up: research.rewritelab.org/2026/04/03/%5B…

We also discuss mitigation approaches including permission segmentation, sandboxing, validation layers, and human-in-the-loop design

This write-up also includes several case studies, such as WhatsApp MCP, GitHub MCP, and OpenClaw, to show how these risks can appear in real systems

We’ve launched our main page!! Huge thanks to our frontend developer and designer @GeminiApp 😆 rewritelab.org

D-10 !!!!!

RewriteLab @RewriteLab

3 months ago

[ RewriteLab Web Security Research Team, 2026 First Half Researcher Recruitment ] Rewrite is a specialized web security research team composed of web hackers from around the world. Researchers from various regions including Korea, Europe, Asia, and Africa collaborate to conduct

0 13 72 11K 44

We have successfully published a new research article! This research takes an in-depth look at several interesting security incidents that occurred in 2025 and analyzes them in detail While some of these incidents were already widely known, this research focuses more closely on cases that people may have only glanced over without examining thoroughly Special thanks to One, TCP/IP, and @filime_sec for conducting this research! We hope it receives a lot of interest! : ) research.rewritelab.org/2026/03/09/%5B…

[ RewriteLab Web Security Research Team, 2026 First Half Researcher Recruitment ] Rewrite is a specialized web security research team composed of web hackers from around the world. Researchers from various regions including Korea, Europe, Asia, and Africa collaborate to conduct in-depth research on the latest web exploitation techniques and technologies, while also working on a range of web security related projects We are now publicly recruiting new researchers who would like to join RewriteLab and conduct research together with us For detailed information about the recruitment requirements and the application process, please refer to the recruitment page below! recruit.rewritelab.org

Hello! We’ve just launched a new wargame site called damn vulnerable web! It consists only of web challenges, primarily designed for intermediate to advanced players rather than beginners. We hope this wargame helps more people gain deeper and broader knowledge in web hacking :) For now, we’re planning to accept only 300 users initially for open beta testing and capacity checks. Starting from this tweet, we’ll gradually increase the number of allowed sign-ups each week. Your interest and support will be a huge help to our future activities We’ll do our best to deliver even better work going forward. Thank you! Wargame site: wargame.rewritelab.org Join our Discord: discord.gg/wYAm2n4M4J

Read the article : research.rewritelab.org/2025/12/31/%5B…

We’ve published a new article! This is a full writeup of the web challenges from the SECCON 14 Qual round. It has been written in detail so that readers can understand the core concepts and techniques even if they did not attempt the challenges themselves. We would like to express our sincere gratitude to the researchers @Predic02 , @masamunee2003 , @ElleuchX1 , and @ irogir for their hard work on this writeup. To everyone reading this, we wish you a very happy New Year 2026! We’re planning to release something new that we’ve been preparing between January and February, so please stay tuned and show lots of interest : )

Read the research: research.rewritelab.org/2025/09/24/%5B…

We have successfully published our third research! This research focuses on diving deep into the Spring framework. Spring is an important framework used by many companies. However, since the Spring framework doesn't frequently appear in challenges, we expect many people are unfamiliar with it Through this research, we conducted an in-depth study of the Spring framework centered on case studies - what the Spring framework is and what actual bug cases have occurred. We hope it receives a lot of interest! : )

English Version article : research.rewritelab.org/2025/08/25/%5B… Korean Version article : research.rewritelab.org/2025/08/25/%5B…

We have published a new article! You can check out the research in both Korean and English versions below :) This article is not research, but a complete writeup of the web challenges from the CODEGATE 2025 final round. We have organized it in as much detail as possible so that you can understand the core concepts even without code comprehension of the challenges We will show more activities going forward. Please show us lots of interest and look forward to it! We deeply appreciate @goldleo01 and @Predic02 for their hard work in writing the writeup

Read the research: research.rewritelab.org/2025/07/28/%5B…

We have successfully published our second research! This research focuses on various XSLeaks techniques through real case studies. It explains why XSLeaks are dangerous in the real world and how XSLeaks techniques can be utilized in challenges such as CTFs. This is a series research consisting of 3 parts! We hope it will attract a lot of interest :)

Read the research: research.rewritelab.org/2025/07/28/%5B…

We have successfully published our first research! This research conducts an in-depth study of potential security vulnerabilities and issues in the Next.js framework. We highlight security vulnerabilities in Next.js based on various CVEs and case studies.