HackerLangs
TopNewTrendsCommentsPastAskShowJobs

dotty-

no profile record

Submissions

Trivy Compromised a Second Time – v0.69.4 binaries, setup-trivy, trivy-action

stepsecurity.io
9 points·by dotty-·4 maanden geleden·1 comments

Hacking Apple MDMs Using Rogue Device Enrollments [video]

youtube.com
2 points·by dotty-·10 maanden geleden·0 comments

comments

dotty-
·5 maanden geleden·discuss
At first glance, this feels like just an internal testing prompt at their company for some sort of sales pipeline. Feels more like an accident. None of the referenced files are actually in the repository. If the prompts had more of a "If the user mentions xyz, mention our product" that would absolutely give more credence that this is an advertising prompt, but none of that is here.
dotty-
·6 maanden geleden·discuss
I saw this too and immediately thought: well, they published this on GitHub which surely has a clause that grants it a license to use the code for training Copilot for Microsoft at a minimum, sooo should've published on another Git platform.
dotty-
·6 maanden geleden·discuss
You joke, but that's a very real approach that AI pentesting companies do take: an agent that creates reports, and an agent that 'validates' reports with 'fresh context' and a different system prompt that attempts to reproduce the vulnerability based on the report details.

*Edit: the paper seems to suggest they had a 'Triager' for vulnerability verification, and obviously that didn't catch all the false positives either, ha.
dotty-
·9 maanden geleden·discuss
Big fan of https://github.com/synzen/MonitoRSS, not mentioned in the article. I self host at home and it sends feed updates to my own Discord server. I appreciate the customization for how the feed notification appear in Discord.
dotty-
·2 jaar geleden·discuss
The contribution to C++ is just a simple markdown change: https://github.com/MicrosoftDocs/cpp-docs/pull/4716 C++ is fine.