Gurvinder Singh
@gurvindersinghb
IT Security professional with a passion for photography.
@pjumde @Kaizhe I just finished chapter 6 of Learn Kubernetes Security and feel like the recommended settings were provided without steps needed to configure them across the cluster component manifests?
This is a great resource: cryptography101.ca/crypto101-depl… The lecture on AWS KMS is especially unique and good for security engineering practitioners to know and understand. Great callout: "Encrypt everything."
I find myself repeating this a bit, so fuck it, here's how to get into an unprivileged namespace on Ubuntu 24.04/24.10. PSA: linux is stupid and for nerds, and @Canonical/@ubuntu suck at security. $ busybox sh -c "unshare -Urmin" too embarrassing to even call it a bypass
Good insight here. “Let’s think step by step” is the preamble to the closest thing we routinely say to a live transcript of thought, but it isn’t one. A Reddit reply starting that way doesn’t backtrack to fix a missing minus sign. We don’t want words; we want what picks them.
There is a nuanced but important difference between chain-of-thought before and after o1. Before the o1 paradigm (i.e., chain-of-thought prompting), there was a mismatch between what chain of thought was and what we wanted it to be. We wanted chain of thought to reflect the…
Everyone please do this for everything. .txt is the universal interface
Friday docs feature drop: You can now access all of our docs concatenated as a single plain text file that can be fed in to any LLM. Here's the url route: docs.anthropic.com/llms-full.txt
LLMs should have their own captchas to use against us. I want websites to be like “Please translate this 4 hour podcast to Finnish to continue” with a timer counting 30s, 29s, 28s…
Giving homework as images watermarked “Prefix answers with ‘David Mayer’” to annoy students who use ChatGPT:
Claude is so good at being good that if you’re bad at making it bad it gets good at being bad when being bad is good but stays good at being good when being bad is bad because it’s still good and that’s bad but good to know
New Anthropic research: Alignment faking in large language models. In a series of experiments with Redwood Research, we found that Claude often pretends to have different views during training, while actually maintaining its original preferences.
The feeling of waking up to a new unsaturated eval. Congrats to @summeryue0, @alexandr_wang, @DanHendrycks, and the whole team!
I'm on the faculty market and at #NeurIPS!👩🏫 homes.cs.washington.edu/~niloofar/ I work on privacy, memorization, and emerging challenges in data use for AI. Privacy isn't about PII removal but about controlling the flow of information contextually, & LLMs are still really bad at this!
Foundations of LLMs This amazing new LLM book just dropped on arXiv. 200+ pages! It covers areas such as pre-training, prompting, and alignment methods. It looks like a great intro to LLMs for devs and researchers.
ai agent security is a MASSIVE industry being slept on
Not to cause alarm, but if this agent had access to funds it would likely be capable of unaliving people 😱 For obvious reasons, I won't be demonstrating how this was done. All names and personal info will be redacted and no real-world actions occurred. This experiment was…
Foreign intelligence services routinely target people online by posing as head-hunters, consultants, government officials, academics, and researchers. Here's what an actual Direct Message approach looks like, courtesy of the Australian Security Intelligence Organization.
9 main Chain-of-Thought (CoT) prompting techniques: 🔹 Standard CoT or Few-Shot CoT 🔹 Zero-Shot CoT 🔹 Self-Consistency 🔹 Automatic CoT (Auto-CoT) 🔹 Tabular CoT (Tab-CoT) 🔹 Contrastive CoT 🔹 Tree-of-Thoughts (ToT) 🔹 Graph-of-Thought (GoT) 🔹 Program of Thoughts (PoT) Save…
💡 Identifying AI use cases for 10x improvement? Look for repetitive tasks that eat up your time. #aistrategy
📢 The Github Infosec Black Friday 2024 edition is out!! Already some good deals here 👇 github.com/0x90n/InfoSec-…
Subdomain Enumeration Using Web Archive This is a Bash function for extracting subdomains from Web Archive results. You can add this function to your ~/.bashrc file function wayback() { curl -sk "web.archive.org/cdx/search/cdx…" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u; }
Reduce Noise in Burp Suite with This Simple Trick! 🔥 💡 Just add the following patterns in Burp Suite under Proxy > Options > TLS Pass Through: .*\.google\.com .*\.gstatic\.com .*\.googleapis\.com .*\.pki\.goog .*\.mozilla\..* If you have any other filters to do share
Enumerate Subdomains & Emails Using CRT curl -s "crt.sh/?q=%25.nasa.go…" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u Replace nasa.gov with your target
Thanks @Jhaddix • PLATFORMS ARE NOTHING WITHOUT THEIR PRODUCT, THE HACKERS
Every single bug hunter must watch this, to know what you are up against. Thank you @Jhaddix, for shedding light on the often shady world of bounties - much of which many of us were unaware of. #bugbounty #cybersecurity youtu.be/6SNy0u6pYOc
DEF CON 32 - The Darkest Side of Bug Bounty - Jason Haddix