Anthropic has released Free AI courses on:
- Prompt Engineering
- Building agents
- Best practices for Agentic Coding
- Collaborate with AI systems
.... and so much more!
9 best guides you don’t want to miss:
And finally, a technical analysis on how @JamesHorseman2 and @hacks_zach reversed the patch and developed the POC for CVE-2022-1388:
https://t.co/REdv9gPxqY
#f5#CyberSecurity
The recordings from #BHEU have just landed on youtube! If you're going to watch just one, I'd recommend "Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond" by @_danielthatcher/@intruder_io
https://t.co/mw5NPi83WE
Find evidence of log4j usage on Linux servers with these 3 commands
ps aux | egrep '[l]og4j'
find / -iname "log4j*"
lsof | grep log4j
Find places to which your applications write logs
lsof | grep '\.log'
#log4shell#log4j
I don't normally aim to drop 0-day, but pre-recording makes it tricky. If you've got an Apache front-end that supports HTTP/2 and enforces any important security rules, please watch this talk.
https://t.co/L7B15eThH7
▶️ Time to harden your AD CS HTTP interface to fully block this path, a pretty good recommendation in @SpecterOps paper (take a look at page 113) https://t.co/ZL05lemNOO
Finally finished testing it, it's quite brutal! Network access to full AD takeover... I really underestimated the impact of NTLM relay on PKI #ESC8 😱The combo with PetitPotam is awesome !
Everything is already published to quickly exploit it ...