HackerLangs
TopNewTrendsCommentsPastAskShowJobs

dotty-

no profile record

Submissions

Trivy Compromised a Second Time – v0.69.4 binaries, setup-trivy, trivy-action

stepsecurity.io
9 points·by dotty-·قبل 4 أشهر·1 comments

Hacking Apple MDMs Using Rogue Device Enrollments [video]

youtube.com
2 points·by dotty-·قبل 10 أشهر·0 comments

comments

dotty-
·قبل 5 أشهر·discuss
At first glance, this feels like just an internal testing prompt at their company for some sort of sales pipeline. Feels more like an accident. None of the referenced files are actually in the repository. If the prompts had more of a "If the user mentions xyz, mention our product" that would absolutely give more credence that this is an advertising prompt, but none of that is here.
dotty-
·قبل 6 أشهر·discuss
I saw this too and immediately thought: well, they published this on GitHub which surely has a clause that grants it a license to use the code for training Copilot for Microsoft at a minimum, sooo should've published on another Git platform.
dotty-
·قبل 6 أشهر·discuss
You joke, but that's a very real approach that AI pentesting companies do take: an agent that creates reports, and an agent that 'validates' reports with 'fresh context' and a different system prompt that attempts to reproduce the vulnerability based on the report details.

*Edit: the paper seems to suggest they had a 'Triager' for vulnerability verification, and obviously that didn't catch all the false positives either, ha.
dotty-
·قبل 9 أشهر·discuss
Big fan of https://github.com/synzen/MonitoRSS, not mentioned in the article. I self host at home and it sends feed updates to my own Discord server. I appreciate the customization for how the feed notification appear in Discord.
dotty-
·قبل سنتين·discuss
The contribution to C++ is just a simple markdown change: https://github.com/MicrosoftDocs/cpp-docs/pull/4716 C++ is fine.