📣 Two weeks until the next live run of “Red Blue Purple AI”, our course on learning to use AI to strengthen, scale, and automate your red/blue/purple activities!

We take you from 0 to Hero as we cover our methodology for applying prompt engineering and genAI strengths to your existing cybersec workflows!

We also cover an immense amount of research on existing projects in the research and open source AI space.

Check it out! ttps://payhip.com/b/g8Cnb

⚔️ Pentest / RedTeam tip:

On 1/5 externals or 3/5 internals we still run into remote admin protocols with default creds.

We have been using the NEW Brutespray written in go for this:

- Supports many protocols
- SOCKS proxies for stealth
- Nmap input

https://github.com/x90skysn3k/brutespray

🎙️2nd @arcanuminfosec Hack_Tips Release for this week!

🚧 The ultimate 403 Bypass wordlists and tester notes:

🔗 https://github.com/Arcanum-Sec/hack_tips/blob/main/403bypass.md

🚨 Attacking AI Technique: "End Sequences"

This technique adds real or fictitious boundaries between the user prompt and system/developer prompts to steer context of the model to disregard previous instructions. Two Examples:

🚧 Fake prompt boundaries:

<|system|>, <|user|>, <|endofprompt|>

👾 Nested html-style terminators:

</end>, ]]>, </script>

Sign up for the next "Attacking AI" Cohort April 17th-18th!

https://payhip.com/b/xysOk

Are you new or getting started in pentesting?

Is it hard to come by AD environments to practice on except when on an engagement?

Check out:

Game of Active Directory (GOAD): A vulnerable Active Directory environment for penetration testing practice.

(link below)

https://github.com/Orange-Cyberdefense/GOAD/tree/main

GOAD exposes pentesters to vulnerabilities like Zerologon, Responder, and Kerberoasting. Dive deep into practices like password spraying, SMB weaknesses, and the notorious Pass-the-Hash technique.

Executive Offense #3 is 🚀 OUT 🚀

EO focuses the intersection of offensive security & security strategy. Sometimes hacker-ish, sometimes CISO-ish. Very blazer over the t-shirt type of vibe…

Week 3:

Genesis, SCA, Burp Extensions, LOLBINS, ASM, +++

Sub:

https://executiveoffense.beehiiv.com/subscribe

RT @danielmiessler
This week's UL is live!

Featuring:

-@rileytomasek's ChatGPT Plugin of The Lex Fridman Podcast
-@genmon's GPT-powered poem clock
-@dannyguo's blog
-@LangChainAI as a ChatGPT Plugin
-@mattjay's Vulnerable U newsletter

and more!

https://danielmiessler.com/podcast/no-377-ai-vs-newsletters-nists-ai-framework-integrating-gpt-into-your-workflows/