Aggregator

The blog post introduces Sift, a new tool from GreyNoise that helps threat hunters filter out noise and prioritize investigation of potentially malicious web traffic. Sift uses AI techniques like large language models to analyze HTTP requests seen across GreyNoise's sensor network and generate reports on new and relevant threats. The reports describe and analyze suspicious payloads, estimate the threat level, provide contextual tags/information on associated IPs, and suggest Suricata rules to detect similar traffic. This allows analysts to focus only on the most critical potential threats instead of sifting through millions of requests manually. Sift is currently limited to HTTP traffic but will expand to other protocols soon. The post invites readers to provide feedback on how to further develop Sift's capabilities, such as expanding historical reports, customizing for specific organizations, analyzing submitted PCAPs, and integrating additional GreyNoise data/tools.

业余无线电守则 体谅：绝对不故意在联络中妨碍他人的乐趣。 忠诚：对同好、俱乐部以及在国内外代表全国业余无线电爱好者的国家协会表示忠诚、鼓励与支持。 进步：掌握先进科学的知识，装备认真有效的电台，以及无可挑剔的操作。 友爱：应要求缓慢耐心的发送，对新手的友好指导和建议，善意的帮助合作，以及考虑别人的利益，这些是业余精神的证明。 ...

可以跳过，直接进入速记阶段。 A 类操作技术能力考试题库有 365 道题，考试环节只考其中的 30 道，对 25 道就能通过考试；大部分与法律法规相关，看一晚上差不多就可以过了。而 B 证的题库有 689 题，除了与 A 证重合的题目之外，新加入了大量电子元件、计算相关的题目，需要辅助记忆。 A、B、C 操作证的简单区别 操作证类别频段功率A30MHz~3000MHz不大于25WB各业余业务和卫星业余业务频段30MHz以下不大于100W，30MHz以上不大于25WC各业余业务和卫星业余业务频段30MHz以下不大于1000W，30MHz以上不大于25W ...

0# 概述最近一段时间项目也比较多，再加上最近还在维护开源项目，所以挺忙的。乘着国庆时间，好好放松一下，顺便借着国庆期间更新一下自己许久未更新的博客哈哈~本篇文章，我们将深入学习著名BurpSu...

Earlier this week, KrebsOnSecurity revealed that the darknet website for the Snatch ransomware group was leaking data about its users and the crime gang's internal operations. Today, we'll take a closer look at the history of Snatch, its alleged founder, and their claims that everyone has confused them with a different, older ransomware group by the same name.

守护万家灯火，同庆盛世华诞~

Large Language Model (LLM) applications and chatbots are quite commonly vulnerable to data exfiltration. In particular data exfiltration via Image Markdown Injection is quite frequent. Microsoft fixed such a vulnerability in Bing Chat, Anthropic fixed it in Claude, and ChatGPT has a known vulnerability as Open AI “won’t fix” the issue. This post describes a variant in the Azure AI Playground and how Microsoft fixed it. From Untrusted Data to Data Exfiltration When untrusted data makes it into the LLM prompt context it can instruct the model to inject an image markdown element.

During an Indirect Prompt Injection Attack an adversary can exfiltrate chat data from a user by instructing ChatGPT to render images and append information to the URL (Image Markdown Injection), or by tricking a user to click a hyperlink. Sending large amounts of data to a third party server via URLs might seem inconvenient or limiting… Let’s say we want something more, aehm, powerful, elegant and exciting. ChatGPT Plugins and Exfiltration Limitations Plugins are an extension mechanism with little security oversight or enforced review process.

Summary ***Updated September 28, 2023*** The 0-day vulnerability in the MOVEit file transfer software that was taken advantage of by the Clop ransomware group continues to make headlines. These disclosures are not new attacks, they are the result of the bad actor group parsing through the stolen data, discovering, and informing victims that had not yet been found in the data. ***Updated June 16, 2023*** A 0-day vulnerability in the MOVEit file transfer software was taken advantage of by the Clop ransomware

The Human-Centered Cybersecurity program (formerly Usable Cybersecurity) is part of the Visualization and Usability Group at NIST. It was created in 2008, but we’ve known for quite some time that we needed to rename our program to better represent the broader scope of work we provide for the cybersecurity practitioner and IT professional communities. We made the decision to update the name to Human-Centered Cybersecurity to better reflect our new (but long-time practiced) mission statement, “ championing the human in cybersecurity.” With our new name, we hope to highlight that usability still

1. 通告信息近日，安识科技A-Team团队监测到JumpServer中修复了多个安全漏洞，其中包括：CVE

1. 通告信息近日，安识科技A-Team团队监测到JumpServer中修复了多个安全漏洞，其中包括：CVE

1. 通告信息近日，安识科技A-Team团队监测到JumpServer中修复了多个安全漏洞，其中包括：CVE

1. 通告信息近日，安识科技A-Team团队监测到JumpServer中修复了多个安全漏洞，其中包括：CVE

1. 通告信息近日，安识科技A-Team团队监测到JumpServer中修复了多个安全漏洞，其中包括：CVE

合家相聚 共团圆[爱心] 幸福美满 共欢畅🎉

合家相聚 共团圆[爱心] 幸福美满 共欢畅🎉

合家相聚 共团圆[爱心] 幸福美满 共欢畅🎉

合家相聚 共团圆[爱心] 幸福美满 共欢畅🎉