PentestGPT – A ChatGPT Powered Automated Penetration Testing Too
PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is constructed on top of ChatGPT and works in an interactive way to direct penetration testers during general and particular procedures.
To access the PentestGPT Tool, ChatGPT plus member is required as it relies on GPT-4 model for high-quality reasoning, also no public GPT-4 API yet. To support PentestGPT, a wrapper for ChatGPT sessions has been added.
GItHub
#hacktools #pentest
PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore. It is constructed on top of ChatGPT and works in an interactive way to direct penetration testers during general and particular procedures.
To access the PentestGPT Tool, ChatGPT plus member is required as it relies on GPT-4 model for high-quality reasoning, also no public GPT-4 API yet. To support PentestGPT, a wrapper for ChatGPT sessions has been added.
GItHub
#hacktools #pentest
🔥8😢1
Hacking a Windows Machine by Hiding a RAT Inside an Image.
A Remote Access Trojan (RAT) is malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.
Инструкция для молодежи что бы знали какие картинки открывать
Источник
A Remote Access Trojan (RAT) is malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.
Инструкция для молодежи что бы знали какие картинки открывать
Источник
Medium
Hacking a Windows Machine by Hiding a RAT Inside an Image
Introduction
🤔4❤1
Announcing the OWASP Top 10 for Large Language Models (AI) Project
arge Language Models (LLMs) are the underlying technology powering transformative AI technologies like OpenAI's ChatGPT and Google's Bard. These technologies have stormed onto the scene over the last few months. One thing that's become clear is that organizations developing using these technologies will have a new and dangerous set of security headaches to contend with.
Official page
GitHub
#useful
arge Language Models (LLMs) are the underlying technology powering transformative AI technologies like OpenAI's ChatGPT and Google's Bard. These technologies have stormed onto the scene over the last few months. One thing that's become clear is that organizations developing using these technologies will have a new and dangerous set of security headaches to contend with.
Official page
GitHub
#useful
👍4
Wireshark Display Filter HD.png
2.2 MB
Wireshark Mindmap pack
👍5
OWASP Web Application Penetration Checklist
his comprehensive checklist, from the Open Web Application Security Project (OWASP), is a valuable tool for penetration testers and developers alike.
It provides a systematic approach to identifying vulnerabilities, and can be used as a guide to help ensure that your web applications are as secure as possible.
#docs #web
his comprehensive checklist, from the Open Web Application Security Project (OWASP), is a valuable tool for penetration testers and developers alike.
It provides a systematic approach to identifying vulnerabilities, and can be used as a guide to help ensure that your web applications are as secure as possible.
#docs #web
🤔4👍1
OWASP Web Application Penetration Checklist.pdf
413.4 KB
OWASP Web Application Penetration Checklist
👍5
Forwarded from CyberSecBastion
DevSecOps Guides
Our guides cover a wide range of topics related to DevSecOps, including:
🔹Secure coding practices: Learn how to write code that is resistant to common security threats such as SQL injection, cross-site noscripting, and buffer overflow.
🔹Threat modeling: Learn how to identify potential security vulnerabilities in your applications and prioritize them based on their impact and likelihood of occurrence.
🔹Security testing: Learn about different types of security testing, such as penetration testing, vulnerability scanning, and code review, and how to incorporate them into your DevSecOps workflow.
🔹Infrastructure security: Learn about securing the infrastructure that supports your applications, including servers, networks, and databases.
🔹 Compliance and regulations: Learn about compliance requirements and regulations such as GDPR, HIPAA, and PCI-DSS
Our guides cover a wide range of topics related to DevSecOps, including:
🔹Secure coding practices: Learn how to write code that is resistant to common security threats such as SQL injection, cross-site noscripting, and buffer overflow.
🔹Threat modeling: Learn how to identify potential security vulnerabilities in your applications and prioritize them based on their impact and likelihood of occurrence.
🔹Security testing: Learn about different types of security testing, such as penetration testing, vulnerability scanning, and code review, and how to incorporate them into your DevSecOps workflow.
🔹Infrastructure security: Learn about securing the infrastructure that supports your applications, including servers, networks, and databases.
🔹 Compliance and regulations: Learn about compliance requirements and regulations such as GDPR, HIPAA, and PCI-DSS
👍5🔥3
Неплохо для новичков о базе построения DevSecOps
В статей дается обзор стадий базового workflow, ключевых инструментах анализа безопасности CD/CI процесса и некоторых контролях secure pipeline, которые must have
Источник
#SecDevOps
В статей дается обзор стадий базового workflow, ключевых инструментах анализа безопасности CD/CI процесса и некоторых контролях secure pipeline, которые must have
Источник
#SecDevOps
Хабр
Как превратить DevOps-пайплайн в DevSecOps-пайплайн. Обзор концепции Shift Left
Привет, Хабр! Меня зовут Алексей Колосков, я DevOps/Cloud-инженер в Hilbert Team. Вместе с моим коллегой Михаилом Кажемским в этой статье мы расскажем об особенностях DevSecOps-пайплайна и концепции...
👍4
Изменилась ли оплата труда в отечественном ИТ секторе за последние 6 - 9 месяцев (после начала санкций в РФ, миграции спецов зарубеж, курса на импортозамещение, инициатив правительтсва по стимуляции отраслии т.д.)?
Anonymous Poll
17%
Да, выросли ЗП, есть скачок спроса на кадры в отечественные компании
12%
ЗП поднялись только в некоторых компаниях, остальные на том же уровне что и было до зимы 2022
19%
Ничего не поменялось абсолютно - Москва в шоколаде, регионы в G@вне
9%
Стало только хуже, количество позиций уменьшилось, ЗП упали, конкуренция за вакансию больше
23%
Работаю за еду как и раньше
20%
Свой вариант (пиши в чат)
🔥7
Active Directory Security Assessment, 2023
Microsoft provides Active Directory Security Assessments for their customers, which is great, but unfortunately not everyone has the money nor the people to do these kind of Security Assess-ment, and since AD is the backbone of identities for many organizations.
Different examples from real world experience has been covered, where I have managed to see these misconfigurations in production environments.
#windows #audit
Microsoft provides Active Directory Security Assessments for their customers, which is great, but unfortunately not everyone has the money nor the people to do these kind of Security Assess-ment, and since AD is the backbone of identities for many organizations.
Different examples from real world experience has been covered, where I have managed to see these misconfigurations in production environments.
#windows #audit
👍4
Certified Ethical Hacker v 12 Exam Preparation. Sample Questions with Answers, Compiled by Mohammad Alkhudari
#useful
#useful
👍2🔥2