OpenAI Begins Tackling ChatGPT Data Leak Vulnerability
Exploit ChatGPT and Enter the Matrix to Learn about AI Security
ChatGPT Plugin Exploit Explained: From Prompt Injection to Accessing Private Data
ChatGPT Plugins: Data Exfiltration via Images & Cross Plugin Request Forgery
Indirect Prompt Injection via YouTube Transcripts
Adversarial Prompting: Tutorial and Lab
Video: Prompt Injections - An Introduction
MLSecOps Podcast: AI Red Teaming and Threat Modeling Machine Learning Systems
Don't blindly trust LLM responses. Threats to chatbots.
Video Tutorial: Hijacking SSH Agent
Device Code Phishing Attacks
Ropci deep-dive for Azure hackers
PenTest Magazine Open Source Toolkit: ropci
ROPC - So, you think you have MFA?
TTP Diaries: SSH Agent Hijacking
gospray - Simple LDAP bind-based password spray tool
Malicious Python Packages and Code Execution via pip download
Machine Learning Attack Series: Backdooring Pickle Files
Offensive BPF: Using bpftrace to sniff PAM logon passwords
Post Exploitation: Sniffing Logon Passwords with PAM
Customized Hacker Shell Prompts
GPT-3 and Phishing Attacks
AWS Scaled Command Bash Script - Run AWS commands for many profiles
Gitlab Reconnaissance Introduction
Log4Shell and Request Forgery Attacks
Video: Anatomy of a compromise
Offensive BPF: Understanding and using bpf_probe_write_user
Offensive BPF: Sniffing Firefox traffic with bpftrace
Offensive BPF: What's in the bpfcc-tools box?
Offensive BPF: Using bpftrace to host backdoors
Offensive BPF: Malicious bpftrace 🤯
Offensive BPF! Getting started.
Backdoor users on Linux with uid=0
Using Microsoft Counterfit to create adversarial examples for Husky AI
Using procdump on Linux to dump credentials
Automating Microsoft Office to Achieve Red Teaming Objectives
Airtag hacks - scanning via browser, removing speaker and data exfiltration
Somewhere today a company is breached
Google's FLoC - Privacy Red Teaming Opportunities
Spoofing credential dialogs on macOS, Linux and Windows
Hong Kong InfoSec Summit 2021 Talk - The adversary will come to your house!
An alternative perspective on the death of manual red teaming
Survivorship Bias and Red Teaming
Actively protecting pen testers and pen testing assets
Machine Learning Attack Series: Overview
Machine Learning Attack Series: Generative Adversarial Networks (GANs)
Assuming Bias and Responsible AI
Abusing Application Layer Gateways (NAT Slipstreaming)
Machine Learning Attack Series: Repudiation Threat and Auditing
Video: Building and breaking a machine learning system
Machine Learning Attack Series: Image Scaling Attacks
Leveraging the Blue Team's Endpoint Agent as C2
Machine Learning Attack Series: Adversarial Robustness Toolbox Basics
Hacking neural networks - so we don't get stuck in the matrix
What does an offensive security team actually do?
CVE 2020-16977: VS Code Python Extension Remote Code Execution
Machine Learning Attack Series: Stealing a model file
Coming up: Grayhat Red Team Village talk about hacking a machine learning system
Beware of the Shadowbunny - Using virtual machines to persist and evade detections
Participating in the Microsoft Machine Learning Security Evasion Competition - Bypassing malware models by signing binaries
Machine Learning Attack Series: Backdooring models
Machine Learning Attack Series: Perturbations to misclassify existing images
Machine Learning Attack Series: Smart brute forcing
Machine Learning Attack Series: Brute forcing images to find incorrect predictions
Getting the hang of machine learning
Beware of the Shadowbunny! at BSides Singapore
Red Teaming Telemetry Systems
Illusion of Control: Capability Maturity Models and Red Teaming
Motivated Intruder - Red Teaming for Privacy!
Firefox - Debugger Client for Cookie Access
Remotely debugging Firefox instances
Performing port-proxying and port-forwarding on Windows
Using built-in OS indexing features for credential hunting
Shadowbunny article published in the PenTest Magazine
Red Teaming and Monte Carlo Simulations
Phishing metrics - what to track?
$3000 Bug Bounty Award from Mozilla for a successful targeted Credential Hunt
Cookie Crimes and the new Microsoft Edge Browser
Post-Exploitation: Abusing Chrome's debugging feature to observe and control browsing sessions remotely
Hunting for credentials and building a credential type reference catalog
Attack Graphs - How to create and present them
Cybersecurity Attacks - Red Team Strategies has been released.
Book: Cybersecurity Attacks - Red Team Strategies
MITRE ATT&CK Update for Cloud and cookies!
Cybersecurity - Homefield Advantage
BashSpray - Simple Password Spray Bash Script
Active Directory and MacOS
KoiPhish - The Beautiful Phishing Proxy
McPivot and useful LLDB commands
Pass the Cookie and Pivot to the Clouds