IncludeSec's part 2 of understanding of prompt injection via the internals of transformer-based LLMs
https://ift.tt/R3YeZBh
Submitted February 09, 2024 at 07:09AM by 907jessejones
via reddit https://ift.tt/I8gQEvh
https://ift.tt/R3YeZBh
Submitted February 09, 2024 at 07:09AM by 907jessejones
via reddit https://ift.tt/I8gQEvh
Include Security Research Blog
Improving LLM Security Against Prompt Injection: AppSec Guidance For Pentesters and Developers - Part 2 - Include Security Research…
In Part 2 of our series focusing on improving LLM security against prompt injection we’re doing a deeper dive into transformers, attention, and how these topics play a role in prompt injection attacks. This post aims to provide more under-the-hood context…
Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti? - watchTowr Labs
https://ift.tt/cDo1l0b
Submitted February 09, 2024 at 10:31AM by dx7r__
via reddit https://ift.tt/w7XSeNP
https://ift.tt/cDo1l0b
Submitted February 09, 2024 at 10:31AM by dx7r__
via reddit https://ift.tt/w7XSeNP
watchTowr Labs
Ivanti Connect Secure CVE-2024-22024 - Are We Now Part Of Ivanti?
As astute readers of our Twitter account (https://twitter.com/watchtowrcyber) and blog will know, we’ve recently been heavily involved in understanding the recent spatter of vulnerabilities in Ivanti products - most recently, their Connect Secure product…
Distributed rate limiting, a new approach to prevent Bruteforce, DDOS, Credential Stuffing, etc.
https://ift.tt/kbv5ZRx
Submitted February 09, 2024 at 11:41AM by gitcommitshow
via reddit https://ift.tt/3pzvDVc
https://ift.tt/kbv5ZRx
Submitted February 09, 2024 at 11:41AM by gitcommitshow
via reddit https://ift.tt/3pzvDVc
Fluxninja
Introduction | FluxNinja Aperture
Aperture is a distributed load management platform designed for rate limiting,
Blog - Github PoC Exploits Data Analysis "Prediction" for the year 2024
https://ift.tt/sFR6Guw
Submitted February 09, 2024 at 02:07PM by gfekkas
via reddit https://ift.tt/7g0z5CZ
https://ift.tt/sFR6Guw
Submitted February 09, 2024 at 02:07PM by gfekkas
via reddit https://ift.tt/7g0z5CZ
PRIOn - AI Driven Vulnerablity Analysis & Prioritization
Blog - Deep dive into GitHub Proof of Concept (PoC) Exploits Data and a "Prediction" for the year 2024 - PRIOn
In this blog we delve into a timeseries analysis by trying to answer various questions related to GitHub exploit PoC repositories. A future prediction was made.
JSON Smuggling: A far-fetched intrusion detection evasion technique
https://ift.tt/WFtLq0h
Submitted February 09, 2024 at 03:46PM by Robbedoes_
via reddit https://ift.tt/jB0kMdH
https://ift.tt/WFtLq0h
Submitted February 09, 2024 at 03:46PM by Robbedoes_
via reddit https://ift.tt/jB0kMdH
Medium
JSON Smuggling: A far-fetched intrusion detection evasion technique
TL:DR Insignificant whitespaces in the JSON standard can be used to encode data without breaking the format. This could aid malicious…
I Know What Your Password Was Last Summer...
https://ift.tt/Wnzoctx
Submitted February 10, 2024 at 12:16AM by ZephrX112
via reddit https://ift.tt/SmC9bqP
https://ift.tt/Wnzoctx
Submitted February 10, 2024 at 12:16AM by ZephrX112
via reddit https://ift.tt/SmC9bqP
Lares Labs
I Know What Your Password Was Last Summer...
We have spent the last six months researching on the previous two years of prior cracked passwords and built some tools to understand password creation strategies better. Here are the results.
How is the NVD being used by security analysts? Are there any problems with the NVD? Help us in an academic survey!
https://ift.tt/VKTdiye
Submitted February 08, 2024 at 10:41PM by faui1-study
via reddit https://ift.tt/NQ2Ebav
https://ift.tt/VKTdiye
Submitted February 08, 2024 at 10:41PM by faui1-study
via reddit https://ift.tt/NQ2Ebav
www.cs1.tf.fau.de
Survey on usage of NVD › IT Security Infrastructures Lab
The lab is conducting a research study to investigate the usage and possible issues of the NVD (National Vulnerability Database). If you ...
Practical WPA2 Security Assessment of Wireless Routers
https://ift.tt/tNhZzPS
Submitted February 10, 2024 at 09:15PM by wirelessbits
via reddit https://ift.tt/UO3uV8m
https://ift.tt/tNhZzPS
Submitted February 10, 2024 at 09:15PM by wirelessbits
via reddit https://ift.tt/UO3uV8m
Medium
Practical WPA2 Security Assessment of Wireless Routers
<1 sec was all it took to guess the default WPA2 passphrase of a common wireless router
appsec.guide just got a new chapter on fuzzing!
https://ift.tt/4uZKrmJ
Submitted February 11, 2024 at 03:27PM by maxammann
via reddit https://ift.tt/cfoFKpX
https://ift.tt/4uZKrmJ
Submitted February 11, 2024 at 03:27PM by maxammann
via reddit https://ift.tt/cfoFKpX
The Trail of Bits Blog
Master fuzzing with our new Testing Handbook chapter
Our latest addition to the Trail of Bits Testing Handbook is a comprehensive guide to fuzzing: an essential, effective, low-effort method to find bugs in software that involves repeatedly running a program with random inputs to cause unexpected results. At…
A Beginner's Guide to Tracking Malware Infrastructure
https://ift.tt/alEAqgJ
Submitted February 11, 2024 at 06:34PM by Embeere
via reddit https://ift.tt/FNcx6Se
https://ift.tt/alEAqgJ
Submitted February 11, 2024 at 06:34PM by Embeere
via reddit https://ift.tt/FNcx6Se
Censys
A Beginner's Guide to Tracking Malware Infrastructure
Troy Hunt: How Spoutible’s Leaky API Spurted out a Deluge of Personal Data
https://ift.tt/3XuqQ5x
Submitted February 11, 2024 at 06:08PM by campuscodi
via reddit https://ift.tt/kcuTEFv
https://ift.tt/3XuqQ5x
Submitted February 11, 2024 at 06:08PM by campuscodi
via reddit https://ift.tt/kcuTEFv
Troy Hunt
How Spoutible’s Leaky API Spurted out a Deluge of Personal Data
Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! No way! NO WAY!” This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes:
NidhoggScript is a tool to generate "noscript" file that allows execution of multiple commands and creating playbooks for Nidhogg (https://ift.tt/J0coP6H)
https://ift.tt/6PqWIn2
Submitted February 11, 2024 at 08:24PM by Idov31
via reddit https://ift.tt/cWofKhv
https://ift.tt/6PqWIn2
Submitted February 11, 2024 at 08:24PM by Idov31
via reddit https://ift.tt/cWofKhv
GitHub
GitHub - Idov31/Nidhogg: Nidhogg is an all-in-one simple to use windows kernel rootkit.
Nidhogg is an all-in-one simple to use windows kernel rootkit. - Idov31/Nidhogg
Breach Analysis: APT29’s Attack on Microsoft - Password Spray & OAuth abuse.
https://ift.tt/wmP5cu3
Submitted February 12, 2024 at 09:09AM by jat0369
via reddit https://ift.tt/yLr7Vm6
https://ift.tt/wmP5cu3
Submitted February 12, 2024 at 09:09AM by jat0369
via reddit https://ift.tt/yLr7Vm6
Cyberark
APT29’s Attack on Microsoft: Tracking Cozy Bear’s Footprints
A new and concerning chapter has unfolded in these troubled times of geopolitical chaos. The Cozy Bear threat actor has caused significant breaches targeting Microsoft and HPE, and more are likely...
ChatGPT Account Takeover via Wildcard Web Cache Deception
https://ift.tt/OMo1ULd
Submitted February 12, 2024 at 01:51PM by albinowax
via reddit https://ift.tt/C0d8m19
https://ift.tt/OMo1ULd
Submitted February 12, 2024 at 01:51PM by albinowax
via reddit https://ift.tt/C0d8m19
SQLMap Cheat Sheet - Commands & Examples
https://ift.tt/VZb3hG0
Submitted February 12, 2024 at 03:13PM by HighOnCoffee
via reddit https://ift.tt/4tZkdrF
https://ift.tt/VZb3hG0
Submitted February 12, 2024 at 03:13PM by HighOnCoffee
via reddit https://ift.tt/4tZkdrF
highon.coffee
SQLMap Cheat Sheet - Commands & Examples Tutorial
SQLMap cheat sheet - Learn SQLMap with this Tutorial containing Flags, & SQLMap Command Examples.
Used AI to summarize each week's new security alerts and advisories
https://cyberowl.org/
Submitted February 12, 2024 at 03:52PM by karimhabush
via reddit https://ift.tt/nLlmQ4x
https://cyberowl.org/
Submitted February 12, 2024 at 03:52PM by karimhabush
via reddit https://ift.tt/nLlmQ4x
cyberowl.org
Cyberowl | CyberOwl
Stay informed on the latest cyber threats - a one-stop destination for all the latest alerts and updates from multiple sources.
Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
https://ift.tt/71sEoUV
Submitted February 12, 2024 at 03:40PM by lormayna
via reddit https://ift.tt/At27FLq
https://ift.tt/71sEoUV
Submitted February 12, 2024 at 03:40PM by lormayna
via reddit https://ift.tt/At27FLq
Mandiant
Evolution of UNC4990: Uncovering USB Malware's Hidden Depths | Mandiant
Running BOFs with 'bof-launcher' library
https://ift.tt/WATUZrP
Submitted February 12, 2024 at 08:24PM by mzet-
via reddit https://ift.tt/JQDKrFO
https://ift.tt/WATUZrP
Submitted February 12, 2024 at 08:24PM by mzet-
via reddit https://ift.tt/JQDKrFO
Release 3.0.0.0 | OpalOPC
https://ift.tt/zaYc0RG
Submitted February 12, 2024 at 11:26PM by Salmiakkilakritsi
via reddit https://ift.tt/nKaYsNk
https://ift.tt/zaYc0RG
Submitted February 12, 2024 at 11:26PM by Salmiakkilakritsi
via reddit https://ift.tt/nKaYsNk
Opalopc
Release 3.0.0.0 | OpalOPC
Overview: Evidence Collection of Ivanti Connected Secure Appliances
https://ift.tt/mqziLB9
Submitted February 13, 2024 at 03:29PM by OwnPreparation3424
via reddit https://ift.tt/Bf69bd1
https://ift.tt/mqziLB9
Submitted February 13, 2024 at 03:29PM by OwnPreparation3424
via reddit https://ift.tt/Bf69bd1
Medium
Overview: Evidence Collection of Ivanti Connected Secure Appliances
This article summarizes methods that can be used to gather forensic evidence from Ivanti appliances.
Unpack RedLine stealer using dnSpyEx - Part 3 - Securityinbits
https://ift.tt/o5PqdT1
Submitted February 13, 2024 at 04:09PM by securityinbits
via reddit https://ift.tt/9GRx6ku
https://ift.tt/o5PqdT1
Submitted February 13, 2024 at 04:09PM by securityinbits
via reddit https://ift.tt/9GRx6ku
Securityinbits
Unpack RedLine stealer using dnSpyEx - Part 3 - Securityinbits
Dive into unpacking and extracting config from RedLine Stealer using dnSpyEx. This is the 3rd part in our RedLine malware series.