Gabriel Avramescu @ituniversityro - Twitter Profile

7 days ago

NEW: malware developers added nuclear & biological weapons text to to their spyware. Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner. Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky. When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit. We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted. In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation. H/T to colleagues that shared this with me https://t.co/f3Aj9TYxU4

jsrailton's tweet photo. NEW: malware developers added nuclear & biological weapons text to to their spyware.

Goal? To trigger LLM safety refusals... so that their spyware wouldn't be analyzed by an AI security scanner.

Cleanest practical example I can think of for why over-indexing on first order safety alignment is risky.

When closed (and open) models ship with aggressive refusals, they will be sprinkled with second-order blindspots that attackers will discover...and exploit.

We are only in the earliest days of attackers leveraging these features, and it wouldn't surprise me if users systems that need to handle complex cybersecurity issues demand that models be less safety-blunted.

In the weeds: @SocketSecurity's post also shows why intention matters in how you design a malware analysis pipeline to avoid prompt manipulation.

H/T to colleagues that shared this with me https://t.co/f3Aj9TYxU4

226

13K

2K

5K

2M

ITUniversityRo retweeted

The Hacker News @TheHackersNews

3 months ago

🛑 OpenClaw AI agents can leak data via indirect prompt injection. A crafted URL generated by the agent triggers Telegram or Discord link previews that silently send sensitive data to attacker domains. China’s CNCERT warns organizations to isolate or restrict the tool. 🔗 Attack details → https://t.co/gtpGUldFrO

TheHackersNews's tweet photo. 🛑 OpenClaw AI agents can leak data via indirect prompt injection.

A crafted URL generated by the agent triggers Telegram or Discord link previews that silently send sensitive data to attacker domains.

China’s CNCERT warns organizations to isolate or restrict the tool.

🔗 Attack details → https://t.co/gtpGUldFrO

34

395

106

176

89K

Gabriel Avramescu @ITUniversityRo

over 1 year ago

@pamir_ai anybody can review it online, if you got the first baches?

0

1

0

29

ITUniversityRo retweeted

Kostas @Kostastsale

over 1 year ago

🚨EDR Telemetry website is live! 🥳 I hope this makes it even easier for folks to compare the telemetry of EDR vendors and visualize their visibility gaps 🙂 ‣ Website🔗https://t.co/gc5UXmr8ih ‣ GitHub 🔗https://t.co/NNAI4K539x **Telemetry results reflect the most recent updates from the EDR Telemetry project.

Kostastsale's tweet photo. 🚨EDR Telemetry website is live! 🥳

I hope this makes it even easier for folks to compare the telemetry of EDR vendors and visualize their visibility gaps 🙂

‣ Website🔗https://t.co/gc5UXmr8ih
‣ GitHub 🔗https://t.co/NNAI4K539x

**Telemetry results reflect the most recent updates from the EDR Telemetry project.

19

890

281

708

127K

Who to follow

Stefan Nicula

@stefan_nicula

Threat Researcher, Penetration Tester | Passionate about reverse engineering, exploit development & Windows internals.

SadPanda

@sadpanda_sec

#RedTeamer #MMAJunkie #CarGuy #F1... Opinions are my own.

Radu Stanescu

@radu__stanescu

• Cybersecurity Senior Expert • ECCC GB 🇪🇺🇷🇴 Alternate Board Member. • DNSC 🇷🇴 Advisor of The Director • Founder of Sandline & Centraleyezer

ITUniversityRo retweeted

Pirat_Nation 🔴

@Pirat_Nation

almost 2 years ago

>Disney has been hacked >1TiB of data stolen (unreleased projects, logins, images codes..)

327

9K

1K

2K

1M

ITUniversityRo retweeted

Dark Web Informer @DarkWebInformer

almost 2 years ago

💡Just Delete Me💡A directory of direct links to delete your account from web services. It also shows you how difficult it is.

DarkWebInformer's tweet photo. 💡Just Delete Me💡A directory of direct links to delete your account from web services. It also shows you how difficult it is. https://t.co/VKycQMqOFJ

7

1K

216

1K

121K

Gabriel Avramescu @ITUniversityRo

about 2 years ago

@onbeeper any referral codes you can share?

1

0

26

Gabriel Avramescu @ITUniversityRo

over 2 years ago

@rabbit_hmi what languages does it recognize?

0

3

Gabriel Avramescu @ITUniversityRo

over 2 years ago

Hi @TurvSec Any ideea how to reconfigure BakkerJan/ evilginx2 not to leak the Referer anymore? Thank you

1

0

131

ITUniversityRo retweeted

BleepingComputer

@BleepinComputer

almost 3 years ago

Exploit released for Cisco AnyConnect bug giving SYSTEM privileges - @serghei https://t.co/dxbhc5JSpZ

0

474

197

78

105K

ITUniversityRo retweeted

Petrus Viet @VietPetrus

about 3 years ago

I and @s0nnguy3n_ have successfully reproduced CVE-2023-2825. This vulnerability allows unauthenticated malicious users to read arbitrary files on GitLab server. This is an interesting vulnerability that is quite easy to reproduce.

VietPetrus's tweet photo. I and @s0nnguy3n_ have successfully reproduced CVE-2023-2825. This vulnerability allows unauthenticated malicious users to read arbitrary files on GitLab server.

This is an interesting vulnerability that is quite easy to reproduce. https://t.co/TvPwaJS415

9

386

81

70

49K

ITUniversityRo retweeted

Harsh Bothra @harshbothra_

over 3 years ago

I wrote this small piece on LDAP Injection Attack with @cobalt_io : https://t.co/otqcZEi6vN

0

71

35

21

6K

ITUniversityRo retweeted

Yamato Security Tools @SecurityYamato

over 3 years ago

Attackers deleted all of the Win event logs? Don’t give up! 1. Take a memory dump 2. Mount with MemProcFS 3. Copy out the evtx files with something like gci -path M:\pid\ -Include *.evtx -Recurse | Copy-Item -Destination .\evtx_files 4. Run Hayabusa!

3

261

72

78

0

ITUniversityRo retweeted

Bilal @0xcc00

almost 4 years ago

Is this article i wrote about how to take advantage of the blue team tools to bypass EDR, happy to hear your feedback on it https://t.co/b0TZOr0dwE

1

112

41

32

0

ITUniversityRo retweeted

David Schütz @xdavidhu

over 3 years ago

I found a vulnerability that allowed me to unlock any @Google Pixel phone without knowing the passcode. This may be my most impactful bug so far. Google fixed the issue in the November 5, 2022 security patch. Update your devices! https://t.co/LUwSvEMF3w

81

5K

1K

528

0

ITUniversityRo retweeted

Tarek @Cyber_Tarek

over 3 years ago

It took me 18 years to become a #cybersecurity expert. You want to be as awesome as I am? Here’s how you can do it in 13 easy steps. 1. Wake up at 4:15 am 2. Meditate for 1 hour. Clear your mind like you have 0 unread emails.

48

2K

259

652

0

ITUniversityRo retweeted