Kevin Higgs on The Trail of Bits Blog

Kevin Higgs on The Trail of Bits Bloghttps://miscreants.github.io/blog.trailofbits.com/authors/kevin-higgs/Recent content in Kevin Higgs on The Trail of Bits BlogHugoen-usWed, 06 Aug 2025 00:00:00 -0400Prompt injection engineering for attackers: Exploiting GitHub Copilothttps://miscreants.github.io/blog.trailofbits.com/2025/08/06/prompt-injection-engineering-for-attackers-exploiting-github-copilot/Wed, 06 Aug 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/08/06/prompt-injection-engineering-for-attackers-exploiting-github-copilot/Prompt injection pervades discussions about security for LLMs and AI agents. But there is little public information on how to write powerful, discreet, and reliable prompt injection exploits. In this post, we will design and implement a prompt injection exploit targeting GitHub’s Copilot Agent, with a focus on maximizing reliability and minimizing the odds of detection.Detecting Iterator Invalidation with CodeQLhttps://miscreants.github.io/blog.trailofbits.com/2020/10/09/detecting-iterator-invalidation-with-codeql/Fri, 09 Oct 2020 08:30:22 -0400https://miscreants.github.io/blog.trailofbits.com/2020/10/09/detecting-iterator-invalidation-with-codeql/Iterator invalidation is a common and subtle class of C++ bugs that often leads to exploitable vulnerabilities. During my Trail of Bits internship this summer, I developed Itergator, a set of CodeQL classes and queries for analyzing and discovering iterator invalidation. Results are easily interpretable by an auditor, […]