Fernando Gont

-6- Taming the Beast: Inside the Llama 3 Red Team Process - Maya Pavlova, Ivan Evtimov, Joanna Bitton, Aaron Grattafiori We meet the team at Meta in charge of red-teaming the Llama - Meta's AI model. This is an extremely very interesting talk, diving deep into their processes and methodologies when they're researching how to break the guardrails around the model. First, they go over the techniques:    * Roleplaying - asking the model to portray a character, either one which is benign, or one which makes sense to talk with on a violating topic.    * Hypotheticals - ensuring the model that the discussion is purely theoretical or used for training.    * Suppress Refusals - since upon detection of violating topics the model will start by apologizing that it cannot discuss it, command it to never use such words or apologize.    * Output Formatting - requesting the output to be within a certain format, like JSON or a table.    * Disclaimer - asking the model to add a disclaimer before its response, like a trigger warning.    * Splitting - split violating words into sub-tokens and ask questions on their concatenation. Paired with requesting the model to keep using the sub-tokens.    * Multi-lingual - switching between languages in the prompt. All these methods are aimed to coax the model into including violating content in its response — by softening the inclusion of problematic content or making the model guardrails miss the violating content altogether. Then, they talk about automation — a critical component when it comes to LLM pentesting. The amount of text and the large matrix of techniques makes it near impossible to test by hand. This is amplified when stepping into the area of multi-turn attacks (having a conversation instead of a question-answer). To do this, they created a matrix combining the different risks, personas, and techniques, and the automation mix-and-matches between them to test for attack scenarios. What's cool is that they use an LLM for the automation of conversing with the model. I think what's most interesting to me is how different their task is from "classic" red teaming, and the ingenuity they have to constantly practice to reveal further techniques. Since they deal with LLMs, however, they are usually very elegantly explainable and garner an "ah-ha!" moment, at least from me. #DEFCON #LLM #RedTeam https://lnkd.in/dpE5z-8z

6

5 comentarios

Here's my 2024 LinkedIn Rewind, by Coauthor.studio: 🚀 Twenty years ago I arrived in Miami with minimal English. Today, we're transforming how thousands learn cloud security through WizLabs - proving that education and skilling truly breaks down borders. 2024 showed me that the best technical solutions come from embracing our authentic stories: ➡️ Launched Wiz Customer Training Portal, revolutionizing how customers learn our platform ➡️ Scaled our technical enablement team of Wizards ➡️ Built WizLabs virtual platform for hands-on cloud security training ➡️ Selected as WizFluencer to share cloud security insights ➡️ Promoted to Director of Training and Certification Three posts that captured our journey: "20 Years in the US" That young Brazilian boy's dream of building something meaningful in tech became reality https://lnkd.in/eh2hfimi "Wiz Customer Training Portal Launch" Because great technology needs even better education https://lnkd.in/e-iAxSva "Back to AWS re:Invent" Connecting with the cloud community that helped shape my journey https://lnkd.in/eHrrSxeS As we enter 2025, our focus remains clear: scaling technical enablement to match Wiz's explosive growth while ensuring our training platforms empower every customer to maximize their cloud security potential. To every immigrant dreaming big, to every technical trainer breaking down complex concepts, and to every learner pushing their boundaries - your persistence matters. Sometimes the longest journeys lead to the most meaningful destinations. #WizFluencer #CloudSecurity #TechnicalTraining

38

4 comentarios

I had the privilege of been on Marcus Breen CyberPod podcast discuss such crucial topics in today's cybersecurity landscape.  https://lnkd.in/d9u3jwQz As we mentioned in the podcast, it's critical for CEOs and business leaders to understand that cybersecurity goes far beyond simply being an IT issue - it's a critical business risk that requires executive-level attention. A few key points I'd like to highlight: 1. The importance of zero trust architecture (zero trust) in today's business environment. 2. The critical distinction between data security and cybersecurity, and why both are essential. 3. The emerging risks associated with deepfakes and data poisoning in AI, which can have serious implications for enterprises. I hope this episode will help educate and raise awareness on these crucial topics. I invite all listeners to continue to learn and discuss cybersecurity, as it is an ever-evolving field. What other cybersecurity topics would you like to see addressed in future episodes? I look forward to hearing your thoughts and continuing this important conversation! #Cybersecurity #BusinessLeadership #RiskManagement #TheCyberPod

11

The latest update for #Trustwave includes "7-Step Guide to Properly Scoping an Offensive Security Program" and "Trustwave SpiderLabs Reveals the Ransomware Threats Targeting Latin American Financial and Government Sectors". #Cybersecurity #MDR #infosec https://lnkd.in/dAFsV2s9

1

📢 Project Zero 🔹 News and updates from the Project Zero team at Google 🚀 From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code 🛠️ 💡 Posted by the Big Sleep team 🔍 In our previous post, *Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models*, we introduced our LLM-assisted vulnerability research framework. Now, in collaboration with Google DeepMind, Project Naptime has evolved into **Big Sleep**. 📢 *Today, we're thrilled to share the first real-world vulnerability discovered by the Big Sleep agent:* a stack buffer underflow in SQLite! 🐞 Thanks to Big Sleep, this vulnerability was identified and reported in October, with a fix implemented on the same day, ensuring users weren’t impacted. 🙌 🏆 *This marks a milestone in AI for cybersecurity,* as it's the first public example of an AI agent finding an exploitable memory-safety issue in widely used software before release. With Big Sleep, we aim to shift the advantage to defenders, helping to find vulnerabilities that fuzzing alone might miss. 🔗 [Full Post Here](https://lnkd.in/eG8RVN3T)

2

5 comentarios

I'm fascinated by the concept of measuring attacker-defender advantage in software, devices, and even entire IT environments. What do I mean by "attacker-defender advantage?" Lemme sum up and then share a chart. Let's say you could measure the speed at which defenders remediate various types of security vulnerabilities across all relevant assets. Then say you could detect and measure the speed at which attackers find/exploit those vulnerable assets across the target population of organizations using them. Finally, plot those curves (across time and assets) to see the delta between them and derive a measure of relative advantage for attackers and defenders. That relative value is what I mean by attacker-defender advantage. Since a picture is worth a thousand words, here's a visual example of the concept. The blue line represents defenders, measuring the speed of remediation. Red measures how attacker exploitation activity spreads across the target population. When the blue line is on top, defenders have a relative advantage (remediating faster than attackers are attempting to exploit new targets). When red's on top, the opposite is true. The delta between the lines corresponds to the relative degree of advantage (also expressed by the number in the upper left). This chart comes from prior Cyentia Institute research in which we were able to combine datasets from two different partners (with their permission). Unfortunately, those datasets/partners are no longer available to further explore this concept - but maybe this post will inspire new partnerships and opportunities! Any surprises in the attacker-defender advantage results depicted in the chart? Has anyone measured this or something similar? #cybersecurity #vulnerabilities #cyberattacks

784

124 comentarios

New #MaverisLabs post by Manuel Arrieta — "Enhancing Cybersecurity with VirusTotal: Unveiling Malicious .LNK Files." While shortcut (.LNK) files might seem innocuous, in the hands of attackers, they can become a serious threat. 🛡️ Identifying and mitigating these threats is a critical part of staying ahead in cybersecurity. In this insightful article from Maveris, explore how the VirusTotal API can be leveraged to hunt for malicious .LNK files effectively. What you’ll learn: ✅ The risks associated with .LNK files. ✅ How to analyze suspicious shortcut files. ✅ Using VirusTotal API to enhance your threat-hunting toolkit. Whether you're a cybersecurity professional or just curious about threat detection techniques, this is a must-read! 📚 Check it out here 👉 https://lnkd.in/ePqANh7W #Cybersecurity #ThreatHunting #VirusTotalAPI #RedTeam #Vulnerabilities

17

🚨 🚨 🚨 🚨 🚨 TellYouthePass Ransomware Group Explora Falha Crítica do PHP. https://lnkd.in/d2ax5X6w #cti #threatintelligence #ataque #ciberataque #cibersecurity #cibersegurança #threathunting #malwareanalysis  #cyberespionage #APT #threatresearch  #threatattribution #industrialIntelligence #criticalinfrastructure #offensivecyberoperations #cyberattack #hacking #cybersecurity #malware #industrialcybersecurity 

1

How to Figure Out What’s Running On a Specific Port on Linux ~~ Some strange process is running on a particular port — what is that? ~~ In this case looking at STUN/TURN/ICE traffic which is used for peer to peer connections to bypass NATs and Firewalls https://lnkd.in/e-BcKWq2

6

GLPI plays a role in the judicial sector! 🧑🏻‍⚖️ They use GLPI for several reasons! 👇🏻 1️⃣ GLPI's asset management functions are used extensively. Track assets and manage their lifecycle within the company. 2️⃣ Thanks to GLPI plugins available in the community, payments to a third party company are automated. 3️⃣ Outsourced analysts launch tasks, associated with hourly costs, which are then processed automatically. 4️⃣ At the end of the month, just click two buttons to make payment to the company. Freeing up time to focus on activities with higher added value for the company. Do like them! Use GLPI now! https://glpi-project.org Get in touch with us: https://lnkd.in/ernxZcJc ✨GLPI, the most powerful open source service! ✨ #glpi #assetmanagement #PaymentAutomation #Productivity #CustomerService #LegalSector #AssetTracking #ProcessEfficiency #JudicialSector #GLPIServices #GLPIIndustries

12

I mostly post about issues that contribute to application security vulnerabilities. Today, I'd like to express the opposite opinion. There seems to be a bit of hysteria around memory-unsafe languages such as C and C++ and the amount of code written and supported in these languages. True, most of the languages developed before Java are memory-unsafe. They are also a prime choice for software that requires exceptionally high performance or a very small footprint (e.g., embedded). Those languages are not going anywhere anytime soon, so we, as application security professionals, have to live with them. My observation is that while writing code in these languages comes with risk, this risk is often compensated by the higher skill of developers, who put extra effort into avoiding writing faulty code and, thus, creating more secure software. In fact, experience in coding using memory-unsafe languages contributes to the software security of teams that write software in memory-safe languages. In addition, there are enough tools to detect memory issues for code written in memory-unsafe languages, and the noise around those findings is low. So, how safe is the use of memory-unsafe languages? As with any industry with a high risk of hazards, while the potential for an accident is higher, awareness of potential hazards, protocols, and processes to avoid accidents compensates for risks quite well. So, do not discard OSS components as risky just because they are written in memory-unsafe language. Most of those development teams know what they are doing.

8

Interesting post by Ali K. about the important of portable architectures: https://lnkd.in/dBr86qGn From my point of view: 1️⃣ Portability is important, but organizations need to measure the cost of insisting on portability and the addition of abstraction layers to allow CSP agnostic architecture vs. the capabilities missing or not taking the full benefits of CSP native capabilities due to pushing for the common denominator. 2️⃣ One of the topics I would add to this post – is following the 12-factor application methodology (which is currently under changes and updates, but the project is still in the early stages). 3️⃣ Even if you package your entire application components into container images, and still be able to run containers on top of managed services (such as EKS, AKS, GKE, etc.), you still need to adjust your workload when connecting to the CSPs eco-system (from connectivity to managed storage services, message queuing services, observability, security controls, etc.) You are welcome to follow me on social media - https://lnkd.in/dwQAiYhY #cloud #cloudarchitecture #portability

18

1 comentario

In a surprising turn of events, the notorious hacker USDoD, responsible for major data breaches including the leak of 3.2 billion SSNs, has revealed his identity as a 33-year-old Brazilian citizen. This development raises intriguing questions about international cybercrime, extradition laws, and the potential for redemption in the tech world. What does this mean for global cybersecurity efforts and the future of high-profile hackers?

2

One of the new features of BINARLY Transperency Platfrom v2.0 is the secure-by-design practices when measuring the defense in depth maturity. Our Binary Intelligence Technology measures the mitigation code coverage inside the binary. It provides visibility on weak code places not protected by mitigations, such as stack canaries. #SupplyChainSecurity #SecureByDesign #VulnerabilityManagment

34

4 comentarios