The Future of Generative AI and Security [2 Predictions]
Offensive AI Will Outpace Defensive AI In the short term, and possibly indefinitely, we will see offensive or malicious AI applications outpace defensive ones that…
Category: Mix
[tl;dr sec] #190 – Securely Build on AI, CISA Pen Test repo, Joining Google’s Red Team
I hope you’ve been doing well! 🏋️ Our Gym If you’ve been wanting to improve your fitness but haven’t been sure where to start, I…
Challenges Implementing AWS Multi-Account Strategy
Implementing an AWS multi-account strategy is a popular approach that helps organizations to manage their cloud resources efficiently. In my previous post, I discussed our…
Bug Bytes #207 -IIS, LLMs and iOS
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
ShareFile Pre-Auth RCE (CVE-2023-24489) – Assetnote
Summary An unauthenticated attacker can upload arbitrary files leading to remote code execution. A cryptographic flaw, coupled with a path traversal vulnerability enable the attacker…
SSL Version을 체크하는 여러가지 방법들
여러가지 명령을 통해 ssl version 체크하는 방법들 간략하게 메모해둡니다. 개인적으로 주로 testssl.sh를 자주 사용했었는데, 쓰다보니 종종 다른 도구와 크로스 체크가 필요한 일이 있네요. 여러 도구들이…
[tl;dr sec] #189 – CISA on Defending CI/CD, Backdooring NPM via S3, AI + Reverse Engineering
I hope you’ve been doing well! 🎇 4th of July I spent my 4th of July, ironically, with a group of Australians, who taught me…
Takeaways from a Conversation Between Hackers and Program Managers
In our web event “Getting Vulnerable”, we brought together program managers Jill Moné-Corallo from GitHub, Garrett McNamara from ServiceNow, and Ansgar Pfeifer and Matthew Bryant…
View vulnerabilities on Attack Surface page
View vulnerabilities on each asset across your attack surface The attack surface is where you can understand what you have exposed and whether you should…
Bug Bytes #206 – Citrix more like Crit-trix amiright?
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
AI and Machine Learning in Cybersecurity
Note: this post currently just has content on AI + reverse engineering, but check back soon and I’ll be covering AI applied to other topics…
Practical Continuous Threat Modeling Work for Your Team
Izar describes the attributes required by threat modelling approaches in order to succeed in Agile dev environments, how to build an organization that continuously threat…