HackerLangs
トップ新着トレンドコメント過去質問紹介求人

dotty-

no profile record

投稿

Trivy Compromised a Second Time – v0.69.4 binaries, setup-trivy, trivy-action

stepsecurity.io
9 ポイント·投稿者 dotty-·4 か月前·1 コメント

Hacking Apple MDMs Using Rogue Device Enrollments [video]

youtube.com
2 ポイント·投稿者 dotty-·10 か月前·0 コメント

コメント

dotty-
·5 か月前·議論
At first glance, this feels like just an internal testing prompt at their company for some sort of sales pipeline. Feels more like an accident. None of the referenced files are actually in the repository. If the prompts had more of a "If the user mentions xyz, mention our product" that would absolutely give more credence that this is an advertising prompt, but none of that is here.
dotty-
·6 か月前·議論
I saw this too and immediately thought: well, they published this on GitHub which surely has a clause that grants it a license to use the code for training Copilot for Microsoft at a minimum, sooo should've published on another Git platform.
dotty-
·6 か月前·議論
You joke, but that's a very real approach that AI pentesting companies do take: an agent that creates reports, and an agent that 'validates' reports with 'fresh context' and a different system prompt that attempts to reproduce the vulnerability based on the report details.

*Edit: the paper seems to suggest they had a 'Triager' for vulnerability verification, and obviously that didn't catch all the false positives either, ha.
dotty-
·9 か月前·議論
Big fan of https://github.com/synzen/MonitoRSS, not mentioned in the article. I self host at home and it sends feed updates to my own Discord server. I appreciate the customization for how the feed notification appear in Discord.
dotty-
·2 年前·議論
The contribution to C++ is just a simple markdown change: https://github.com/MicrosoftDocs/cpp-docs/pull/4716 C++ is fine.