I'm releasing 4 new CLI tools for #threatintelligence!
They can help you interact with the abuse.ch platforms: MalwareBazaar, ThreatFox, YARAify and URLhaus.
You can find more details in my latest blog post here:
andpalmier.com/posts/abuse-...
And below ⬇️
Posts by Andrea Palmieri 🤖
They are all:
🐳 container ready
⚙️ fully scriptable
🧹 using only Go standard libraries
🍺 available on brew
Check out the full blog post andpalmier.com/posts/abuse-...
yrfy leverages YARAify, use it when you need to analyze a suspicious binary without uploading it to VirusTotal, or check for matches against community rules.
github.com/andpalmier/y...
urlhs connects to URLhaus, use it if you need to block malware-serving URLs or track current malware distribution trends.
github.com/andpalmier/u...
tfox works with ThreatFox, use it to verify if a suspicious domain is in a known database of IOCs.
github.com/andpalmier/t...
mbzr is an interface to MalwareBazaar, use it to get fresh samples of a specific malware family (e.g., Emotet), or retrieve a specific binary from its hash.
github.com/andpalmier/m...
The blog also contains a shameless plug for a small project I've been working on in the last few days
github.com/andpalmier/r...
I've released a new blog post about #KawaiiGPT, a "malicious #LLM" that popped up recently. I discuss its #jailbreak engine, how it accesses expensive LLMs for free, and some risks it exposes its users to.
andpalmier.com/posts/kawaii...
🍺 apkingo is available on Homebrew!
You can now install it with:
```
brew tap andpalmier/tap
brew install apkingo
```
Check out the repo, release notes, and docs: github.com/andpalmier/a...
#Go #Homebrew #APK #APKAnalysis
Hello y'all, I've published a new blog post titled "Interview preparation for a #CTI role"
If you want, you can read it here:
andpalmier.com/posts/cti-in...
Paragon Solutions claims that they cut off the Italian government access to their spyware after they were caught spying on activists, which is interesting because the Italian government says they still have access.
www.reuters.com/technology/c...
I've just pushed an update to my Search Engines AD Scanner (seads)! Feel free to try it out here: github.com/andpalmier/seads
Feedback is always appreciated! :)
APpaREnTLy THiS iS hoW yoU JaIlBreAk AI
Anthropic created an AI jailbreaking algorithm that keeps tweaking prompts until it gets a harmful response.
www.404media.co/apparently-t...
END OF THE THREAD!
Check out the original blog post here:
andpalmier.com/posts/jailbreaking-llms/
If that made you curious about #AI #Hacking, be sure to check out the #CTF challenges at crucible.dreadnode.io
🤖 LLMs vs LLMs
It shouldn't really come as a big surprise that some methods for attacking LLMs are using LLMs.
Here are two examples:
- PAIR: an approach using an attacker LLM
- IRIS: inducing an LLM to self-jailbreak
⬇️
#Prompt rewriting: adding a layer of linguistic complexity!
This class of attacks uses encryption, translation, ascii art and even word puzzles to bypass the LLMs' safety checks.
⬇️
#Promptinjection: embed malicious instructions in the prompt.
According to #OWASP, prompt injection is the most critical security risk for LLM applications.
They break down this class of attacks in 2 categories: direct and indirect. Here is a summary of indirect attacks:
⬇️
Role-playing: attackers ask the #LLM to act as a specific persona or as part of a scenario.
A common example is the (in?)famous #DAN (Do Anything Now):
These attacks are probably the most common in the real world, as they often don't require a lot of sophistication.
⬇️
We interact (and therefore attack) LLMs mainly using language, therefore let's start from there.
I used this dataset github.com/verazuo/jailbreak_llms of #jailbreak #prompt to create this wordcloud.
I believe it gives a sense of "what works" in these attacks!
⬇️
Before we dive in: I'm *not* an AI expert! I did my best to understand the details and summarize the techniques, but I'm human. If I've gotten anything wrong, just let me know! :)
⬇️
New blog: "The subtle art of #jailbreak ing LLMs"
It contains "swiss cheese", "pig latin" and "ascii art"!
andpalmier.com/posts/jailbreaking-llms
It's a summary of some interesting techniques researchers used (and currently use) to attack #LLM
Let's see some examples here 🧵⬇️