Red-teaming your own products without Mythos
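This GitHub project provides a practical guide for developers who do not have access to advanced AI security tools such as Anthropic's Claude Mythos, showing how to check their own products for security vulnerabilities using currently available AI models such as Claude Opus 4.7 and GPT-5. It covers red-team techniques aimed at both AI features and existing code, and also provides a runnable test environment that includes real vulnerability attack scenarios. The book is aimed at developers and founders interested in security and presents a concrete methodology for how AI can be used in security audits.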

https://github.com/cloudstreet-dev/AI-Red-Teaming

#aisecurity #redteaming #vulnerabilityresearch #gpt5 #claude

For the #IFIN newcomers, I wanted to drop a mega-thread on a bunch of blog posts and resources I've written in the past few years focused on #ThreatResearch, #VulnerabilityResearch, #DetectionEngineering, getting people comfortable with #Snort and #Suricata, and #Homelab and just dump them into one place, with the promise to update them, if you all want it. Go have a look here:

https://discourse.ifin.network/t/nsm-and-virtual-labbing-mega-thread/319

NSM and Virtual Labbing Mega-Thread

In talking to some of the seniors in charge around here, I asked about sharing some old blog posts I did for my job over at the Emerging Threats Discourse, and while technically much of what I wrote does have to do with threat intelligence, it isn’t about a particular threat, more than it is about learning how to do various things related to threat research, detection engineering, NSM stuff, and homelabbing. So ultimately, this is what I wanted to do: Use...

IFIN

Lukasz Olejnik (@lukOlejnik)

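The post reports that GPT-5.4 orchestration found a 15-year-old security vulnerability in the Linux kernel. It is an example showing that AI/LLMs are producing significant results in real vulnerability research and security analysis, and it highlights the potential of model-based security research.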

https://x.com/lukOlejnik/status/2045924743526707348

#gpt54 #llm #security #linuxkernel #vulnerabilityresearch

Lukasz Olejnik (@lukOlejnik) on X

GPT-5.4 orchestration found a really interesting security bug in Linux kernel. 15-years-old. So yes, AI/LLMs are delivering a lot in vulnerability research.

X (formerly Twitter)

Day 5 — CSRF Token Bypass using GET Request
This article discusses a Cross-Site Request Forgery (CSRF) vulnerability where an attacker can bypass CSRF tokens by manipulating GET requests. The root cause is inconsistent validation of CSRF tokens across HTTP methods, particularly on GET requests. In this case, the application incorrectly validated CSRF tokens for GET requests but did so correctly for POST requests. By modifying a legitimate request to use the GET method and moving parameters into the URL, the researcher discovered that the server did not validate the CSRF token. The attack involves creating an HTML PoC (proof-of-concept) with JavaScript to automatically submit the modified request, exploiting the victim without their interaction. This vulnerability emphasizes the importance of consistent validation for CSRF tokens across all HTTP methods. Key lesson: Validate CSRF tokens consistently regardless of HTTP method to maintain security.

#BugBounty #WebSecurity #CSRF #VulnerabilityResearch

https://smartpicks4u.medium.com/day-5-csrf-token-bypass-using-get-request-791cba29812d?source=rss


AI Models Accelerate Vulnerability Research, Raising Cybersecurity Risks

Commercial AI models are rapidly advancing vulnerability research and exploit development, cutting the time from discovery to exploitation and significantly raising the stakes for cybersecurity. This emerging trend poses new and heightened risks for the industry.

https://osintsights.com/ai-models-accelerate-vulnerability-research-raising-cybersecurity-risks?utm_source=mastodon&utm_medium=social

#AiModels #VulnerabilityResearch #CybersecurityRisks #EmergingThreats #ExploitDevelopment


Claude Opus 4.7 and Cyber Verification Programme

Anthropic's Claude Opus 4.7 arrives with Project Glasswing baked in.

https://islandinthenet.com/claude-opus-4-7-and-cyber-verification-programme/


Microsoft Awards $2.3M for Cloud and AI Flaws Uncovered in Zero Day Quest Hacking Contest

Microsoft just took a bold step towards securing our digital future by awarding $2.3 million to researchers who uncovered critical cloud and AI flaws in its Zero Day Quest hacking contest, showcasing the power of incentive-driven vulnerability discovery. Nearly 700 submissions poured in,…

https://osintsights.com/microsoft-awards-23m-for-cloud-and-ai-flaws-uncovered-in-zero-day-quest-hacking?utm_source=mastodon&utm_medium=social

#ZeroDayQuest #CloudSecurity #ArtificialIntelligence #VulnerabilityResearch #BugBounty
