Ian Campbell 🏴23h ago

Okay, okay. I need to devote some time to catching up on genAI capabilities in a professional sense.

Security Researchers & SecOps - what's your favorite use case so far?

Also, what's a lesson you learned the hard way?

***Also - please save the snark. I'm tired, and this is a genuine, if hesitant, ask.

#infosec

Show threadnyanbinary
@neurovagrant I haven't tried it yet but one of the areas I have actual hope for (and, time permitting, will give a shot after my vacation): Triage for the initial wave of stuff like secret detections, when the tools are freshly turned on. With all the love for classical secret scanners: They are pretty fucking noisy. Throwing a language model on the outputs should do a decent job filtering out the password = "notanactualpassword" or key = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/' so we can annoy the right people to fix there fucking shit first.
Apr 2 at 2:46pmWeb
Show threadnyanbinary22h ago
@neurovagrant its probably less relevant for a steady-state but jfc, we have about 80k detections of this heading our way & from some test samples we are indeed looking at something like a 30/30/30 split complete FP/grey area/true positive soooo...
Show threadB'ad Samurai 🐐🇺🇦22h ago

@nyanbinary @neurovagrant

I once had DumpsterDiver in a container running against the NAS. I didn’t have an LLM then so it took a lot of tuning, but it found AWS, Azure and infra API secrets.

Put infrastructure teams through Python boot camps for automation, they did…