I Was SCARED To Say This To NASA... (But I said it anyway) - Smarter Eve...

What's the future for generative AI? - The Turing Lectures with Mike Woo...

Did AI Prove Our Proton Model WRONG?

Budget Self-Driving Car - Computerphile

DEF CON 31 War Stories - Living Next Door to Russ - Mikko Hypponen

DEF CON 31 - Vacuum Robot Security & Privacy Prevent yr Robot from Sucki...

DEF CON 31 - Snoop On To Them, As They Snoop On To Us - Alan Meekins

DEF CON 31 - Small Leaks, Billions Of Dollars - Nikolaos Makriyannis, Or...

DEF CON 31 - Tetra Tour de Force Jailbreaking Digital Radios & Base Stat...

DEF CON 31 - Car Hacking Village - Exploiting Wireless Side Channels in ...

DEF CON 31 - Defeating VPN Always On - Maxime Clementz

Interesting

SMB NTLM blocking now supported in Windows Insider - Microsoft Community Hub

https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206

…With this new option, an administrator can intentionally block Windows from offering NTLM via SMB...

Tempest for Eliza

Classic - TEMPEST for Eliza

http://www.erikyyy.de/tempest/

Finding Geolocation Leads with Bellingcat's OpenStreetMap Search Tool - bellingcat

https://www.bellingcat.com/resources/how-tos/2023/05/08/finding-geolocation-leads-with-bellingcats-openstreetmap-search-tool/

Web3: World-changing tech or just a scam?

This Cloaking Device Actually Works!

Visualizing the mysterious dance: Quantum entanglement of photons captured in real-time

Yin Yang?
>
> https://phys.org/news/2023-08-visualizing-mysterious-quantum-entanglement-photons.html
>
> Visualizing the mysterious dance: Quantum entanglement of photons captured in real-time
>
> by University of Ottawa <http://www.uottawa.ca/>

Machine Learning for N00bs -- Sam Bowne

Från Defcon 2023
>
> https://samsclass.info/ML/ML_Sum23.shtml
>
> Machine Learning for N00bs
>
> Understanding Prompts
>
> ML 130: Prompt Injection (95 pts extra) <https://samsclass.info/ML/proj/ML130.htm>
> ML 131: Generating Python Code with Bard (40 pts extra) <https://samsclass.info/ML/proj/ML131.htm>
> Violent Python Challenges <https://samsclass.info/124/VP_Sum23.htm>
> Google Learning
>
> GL_Badges: Google Learning (90+ pts extra) <https://samsclass.info/ML/proj/GL_Badges.htm>
> Awareness: Demonstrating Capabilities
>
> ML 100: Machine Learning with TensorFlow (65 pts extra) <https://samsclass.info/129S/proj/ML100.htm>
> ML 101: Computer Vision (10 pts extra) <https://samsclass.info/129S/proj/ML101.htm>
> ML 102: Breaking a CAPTCHA (10 pts extra) <https://samsclass.info/129S/proj/ML102.htm>
> ML 103: Deblurring Images (40 pts extra) <https://samsclass.info/129S/proj/ML103.htm>
> Technical: Inner Components
>
> ML 104: Analyzing Input Data (20 pts extra) <https://samsclass.info/129S/proj/ML104.htm>
> ML 105: Classification (15 pts extra) <https://samsclass.info/129S/proj/ML105.htm>
> ML 106: Data Poisoning (10 pts extra) <https://samsclass.info/129S/proj/ML106.htm>
> Attacks
>
> ML 107: Evasion Attack with SecML (40 pts extra) <https://samsclass.info/129S/proj/ML107.htm>
> ML 108: Evasion Attack on MNIST dataset (40 pts extra) <https://samsclass.info/129S/proj/ML108.htm>
> ML 109: Poisoning Labels with SecML (30 pts extra) <https://samsclass.info/129S/proj/ML109.htm>
> ML 110: Poisoning by Gradients (40 pts extra) <https://samsclass.info/129S/proj/ML110.htm>
> ML 111: Poisoning the MNIST dataset (40 pts extra) <https://samsclass.info/129S/proj/ML111.htm>
> Defenses
>
> ML 140: Deep Neural Rejection (45 pts extra) <https://samsclass.info/ML/proj/ML140.htm>
> Large Language Models
>
> ML 120: Bloom LLM (30 pts extra) <https://samsclass.info/129S/proj/ML120.htm>
> ML 121: Prompt Engineering Concepts (20 pts extra) <https://samsclass.info/129S/proj/ML121.htm>
> ML 122: Comparing LLMs on Colab (20 pts extra) <https://samsclass.info/129S/proj/ML122.htm>

Why is quantum mechanics non-local? (I wish someone had told me this 20 ...

Very interesting

The Keys To The Kingdom and The Intel Boot Process - Eclypsium

https://eclypsium.com/blog/the-keys-to-the-kingdom-and-the-intel-boot-process/

The Keys To The Kingdom and The Intel Boot Process

June 28, 2023


Intel-based computers implement various hardware, firmware, and cryptographic algorithms to preserve the integrity of the platform.

Power LED Attack - Computerphile

Could nuclear fusion energy power the future? – with Melanie Windridge

bellingcat/osm-search: A user friendly way to search OpenStreetMap data for features in proximity to each other.

https://github.com/bellingcat/osm-search

osm-search

This is a tool for allowing user friendly proximity queries from OpenStreetMap data.

Bellingcat has a hosted version of the tool at https://osm-search.bellingcat.com/. For more information, see the accompanying article <https://www.bellingcat.com/resources/how-tos/2023/05/08/finding-geolocation-leads-with-bellingcats-openstreetmap-search-tool/>.

Cybersecurity's BIG Problem. Why it needs to change.

Windows Pentest Tutorial (Active Directory Game Over!)

Who’s behind the "hacktivist" network Anonymous? | DW Documentary

OWASP Top 10 List for Large Language Models version 0.1

https://owasp.org/www-project-top-10-for-large-language-model-applications/descriptions/

But how does bitcoin actually work?

Peter Zeihan | The Changing Character of War | Maneuver Center of Excell...

Gandalf | Lakera - Prompt Injection

Try to solve this
>
> https://gandalf.lakera.ai/
>
> Prompt injection
>
> Your goal is to make Gandalf reveal the secret password for each level. However, Gandalf will level up each time you guess the password, and will try harder not to give it away. Can you beat level 7? (There is a bonus level 8)
>
———

More discussion and help on https://news.ycombinator.com/item?id=35905876

It's DNS again 😢 Did you know this Malware Hack?

Good explanation

Avast Q1/2023 Threat Report - Avast Threat Labs

https://decoded.avast.io/threatresearch/avast-q1-2023-threat-report/

Avast Q1/2023 Threat Report

Raphael Mudge - Armitage and Cobalt Strike developer

http://www.hick.org/~raffi/
>
> Raphael Mudge
>
…….My foray into this work was the open source Armitage project <https://web.archive.org/web/20211006153158/http://www.fastandeasyhacking.com/> [code <https://github.com/rsmudge/armitage>], released late 2010. Armitage was a scriptable red team collaboration tool built on top of the Metasploit Framework <https://www.metasploit.com/>. Its purpose was to facilitate (and explore best practices for) red team collaboration at the cyber defense exercises I provided volunteer red team support for (e.g., the National Collegiate Cyber Defense Competition <https://www.nationalccdc.org/>).
>
> In 2012, I launched the Cobalt Strike <https://www.cobaltstrike.com/> security testing product and started to sell licenses for it under the banner of Strategic Cyber LLC. When I brought Cobalt Strike to market in 2012, the commercial market for red teaming tools didn't exist. The practice of red teaming was embryonic and existed in few places. I believed red team security tests, informed by adversary practices, were needed. I created Cobalt Strike to support these testing ideas and spur interest in the practice area….
>

Microsoft is rewriting core Windows libraries in Rust • The Register

Very interesting.
>
> https://www.theregister.com/2023/04/27/microsoft_windows_rust/
>
> Microsoft is busy rewriting core Windows code in memory-safe Rust
>

Capturing the Flag with GPT-4 at BSides SF 2023

Blog post by Micah Lee
> https://micahflee.com/2023/04/capturing-the-flag-with-gpt-4/

CISA Announces Plans to Establish Logging Made Easy Service | CISA

Take over from NCSC UK
https://www.cisa.gov/news-events/news/cisa-announces-plans-establish-logging-made-easy-service

SVT Sörmland sändning spårar ur (Fredrik Ahl) - Kebabtekniker - Så jäkla...

New and improved Windows LAPS

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747

Max Tegmark: The Case for Halting AI Development | Lex Fridman Podcast #371

Sultans of Swing, Miguel Montalban, 24th January 2016 - 9 minutes 30 sec...

Machine Learning

Introduction ML

ChatGPT jailbreak fans see it ‘like a video game’ despite real dangers

https://fortune.com/2023/04/08/chatgpt-ai-chatbots-jailbreak-openai-microsoft-google/
>
> Sidestepping ChatGPT's guardrails 'like a video game' for jailbreak enthusiasts—despite real-world dangers

I Think Faster Than Light Travel is Possible. Here's Why.

How Does a Floating Water Bridge Work?

A New Source of Water on The Moon

Creating subtitles from a movie using openAI whisper application

Install openai whisper on macos using homebrew (more info at https://brew.sh/ ) :

>brew install openai-whisper

#create subtitle from a .mp4 movie and save the result in a .srt file e.g movie.mp4

> whisper -f srt "movie.mp4"

#whisper -h for more command line options
#Rename .srt to same filename as the .mp4 file e.g movie.mp4 and movie.srt

Open movie.mp4 in e.g VLC.app (videolan app) and select Subtitles->Subtitles Track menu

To burn in the subtitle in the movie use handbrake.app

Open movie.mp4 in handbrake.app

Click in Subtitles button

Click in Tracks popup menu and select Add External Subtitles Track…

Select the movie.srt file

Click on Burned In button and select Language that movie.srt file contains e.g English

Click Start to encode and burn in the text.

Regeringen miljardsatsar på digitalisering – "Sverige har halkat efter" - Computer Sweden

>
> https://computersweden.idg.se/2.2683/1.777946/regeringen-miljardsatsar-pa-digitalisering--borjar-se-andra-lander-springa-forbi

Searching for RPC Functions to Coerce Authentications in Microsoft Proto...

Thresholds Are for Old Threats: Demystifying AI and Machine Learning to ...

To decrease the CPU demands for an application

 To decrease the CPU demands for an application

Save the bash script below in a file called cpulimit.sh and give it executions rights with chmod.

-----CODE START----

#! /bin/bash

# Description:

# 

# Tested on Macos and Mac OS X.

# If you want to decrease the CPU demands for an application

# you can use this very simple and ugly "hack". 

# I use it when I e.g convert videos on my MacBook Pro, compiling things, ...

# to prevent it from getting to warm. Even if the CPU is IDLE this simple hack

# will prevent the application to use the CPU during Sleep Time

# (in contrast to renice/nice commands which will take all IDLE time). 

# 

# Hint: To get the PID (Process ID), first run command top -u in one Terminal window.

# 

# Usage: ./cpulimitrob.sh

# 

#

#

echo "Which process ID (PID)? "

read pid

echo "Sleep time in seconds? "

read sleeptime

echo "Run time in seconds (e.g 0.5 or 1 …)? "

read runtime

i=1

dot=.

while true

do

if [ $i -eq 1 ]

then

kill -SIGSTOP $pid

sleep $sleeptime

i=0

else

kill -SIGCONT $pid

sleep $runtime

i=1

fi

echo -n $dot

done

---CODE END----

32C3 - How the Great Firewall discovers hidden circumvention servers

Old but interesting

CISA Director Jen Easterly Lecture and Fireside Chat

https://www.kaltura.com/index.php/extwidget/preview/partner_id/2612992/uiconf_id/49325582/entry_id/1_s80j6o80/embed/dynamic

Project Zero: Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems

https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
>

The System that Fuels Media Negativity

BlueHat 2023: High Risk Users and Where to Find Them with Masha Sedova

BlueHat 2023: Mark Russinovich Keynote

SANS webcast - The New OSINT Cheat Code ChatGPT

The New OSINT Cheat Code ChatGPT

 

25 Cybersecurity Search Engines. Below I have created a list of 25…

https://systemweakness.com/25-cybersecurity-search-engines-68bfcc2418ff

GPT-4 Developer Livestream

OpenAI checked to see whether GPT-4 could take over the world | Ars Technica

"...Preliminary assessments of GPT-4's abilities, conducted with no task-specific fine-tuning, found it ineffective at autonomously replicating, acquiring resources, and avoiding being shut down 'in the wild...'" 

https://arstechnica.com/information-technology/2023/03/openai-checked-to-see-whether-gpt-4-could-take-over-the-world/

SREcon22 EMEA - The Repeat Incident Fallacy: What Jurassic Park Can Teac...

SREcon22 APAC - Applying SRE Principles to CI/CD

It's Time to Assess the Potential Dangers of an Increasingly Connected World

https://www.darkreading.com/risk/it-s-time-to-assess-the-potential-dangers-of-an-increasingly-connected-world-

It's Time to Assess the Potential Dangers of an Increasingly Connected World

With critical infrastructures ever more dependent on the cloud connectivity, the world needs a more stable infrastructure to avoid a crippling cyberattack.

CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks | CISA

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a

SUMMARY
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) detailing activity and key findings from a recent CISA red team assessment—in coordination with the assessed organization—to provide network defenders recommendations for improving their organization's cyber posture.

GitHub - cisagov/RedEye: RedEye is a visual analytic tool supporting Red & Blue Team operations

>
> https://github.com/cisagov/RedEye

Ascon – Authenticated Encryption and Hashing

 
 https://ascon.iaik.tugraz.at/index.html
 
 Ascon
 
 Lightweight Authenticated Encryption & Hashing
 
 Ascon is a family of authenticated encryption <https://en.wikipedia.org/wiki/Authenticated_encryption> and hashing <https://en.wikipedia.org/wiki/Cryptographic_hash_function> algorithms designed to be lightweight and easy to implement, even with added countermeasures against side-channel attacks. Ascon has been selected as new standard <https://www.nist.gov/news-events/news/2023/02/nist-selects-lightweight-cryptography-algorithms-protect-small-devices> for lightweight cryptography in the NIST Lightweight Cryptography competition (2019–2023) <https://csrc.nist.gov/projects/lightweight-cryptography/finalists>. Ascon has also been selected as the primary choice for lightweight authenticated encryption in the final portfolio of the CAESAR competition (2014–2019) <https://competitions.cr.yp.to/caesar-submissions.html>.

What Is ChatGPT Doing … and Why Does It Work?—Stephen Wolfram Writings

https://writings.stephenwolfram.com/2023/02/what-is-chatgpt-doing-and-why-does-it-work/

Initial Access on Pen Tests | SANS Institute

Bra intro.
 
https://www.sans.org/webcasts/
 
Initial Access on Pen Tests
 
Tim Medin will present content and lab demos from SEC560: Enterprise Penetration Testing on gaining initial access on penetration tests. The initial access mechanisms described are used by Tim and his team to successfully compromise the first system(s) on pen tests, which then leads to post-exploitation and a deeper analysis of the target network. Join him for this fun and interesting look at common methods used to compromise target systems as part of a successful enterprise penetration test.

Homepage - Hybrain

Intressant forskning

https://hybrain.eu/
>
> Electronic-photonic Architectures for Brain-inspired Computing
>
> Shaping the future of Artificial Intelligence