HackerLangs
TopNewTrendsCommentsPastAskShowJobs

dotty-

no profile record

Submissions

Trivy Compromised a Second Time – v0.69.4 binaries, setup-trivy, trivy-action

stepsecurity.io
9 points·by dotty-·4 tháng trước·1 comments

Hacking Apple MDMs Using Rogue Device Enrollments [video]

youtube.com
2 points·by dotty-·10 tháng trước·0 comments

comments

dotty-
·5 tháng trước·discuss
At first glance, this feels like just an internal testing prompt at their company for some sort of sales pipeline. Feels more like an accident. None of the referenced files are actually in the repository. If the prompts had more of a "If the user mentions xyz, mention our product" that would absolutely give more credence that this is an advertising prompt, but none of that is here.
dotty-
·6 tháng trước·discuss
I saw this too and immediately thought: well, they published this on GitHub which surely has a clause that grants it a license to use the code for training Copilot for Microsoft at a minimum, sooo should've published on another Git platform.
dotty-
·6 tháng trước·discuss
You joke, but that's a very real approach that AI pentesting companies do take: an agent that creates reports, and an agent that 'validates' reports with 'fresh context' and a different system prompt that attempts to reproduce the vulnerability based on the report details.

*Edit: the paper seems to suggest they had a 'Triager' for vulnerability verification, and obviously that didn't catch all the false positives either, ha.
dotty-
·9 tháng trước·discuss
Big fan of https://github.com/synzen/MonitoRSS, not mentioned in the article. I self host at home and it sends feed updates to my own Discord server. I appreciate the customization for how the feed notification appear in Discord.
dotty-
·2 năm trước·discuss
The contribution to C++ is just a simple markdown change: https://github.com/MicrosoftDocs/cpp-docs/pull/4716 C++ is fine.