Cristi Vlad

The Insider Weekly #7 - Too Many Pentests | Prompt Engineering/Injection | Serendipity

Cristi
Feb 3, 2023
A huge rollercoaster! That’s what last week felt like.

I have too many things to say. Some in today’s newsletter, and some in future posts throughout the week. Thou shalt subscribe now!


Starting with my work in cybersecurity.

I’ve performed 3 pentests this week. One was a hybrid pentest with Intigriti. I found two vulnerabilities of exceptional severity, among other low-hanging fruits. And it felt great! (for me, less for the client). The other two were: an external pentest and a web app pentest; business as usual. I had a great kickstart in 2023, having completed 11 security assessments in January alone.

On another note, the other day I was invited to three new private bug bounty programs on Bug Bounty Switzerland. I’ll be playing with their mobile apps, whenever I find some time from my main focus, the pentests, which are paid projects.

Also, I’ve been asked to submit a quote for a pentest for a very large company that everyone has heard of. If it’s accepted, it’s probably gonna be my biggest security assessment so far. It’s gonna be a bit overwhelming and I’m not sure I really want it to be accepted. That’s why I quoted big.


Speaking of cybersecurity, I teamed up with Appsec Engineer for a massive giveaway. They’re giving away an annual PRO subscription to their learning platform to one of my followers. You might want to check out this thread on Twitter if you want to participate.


When it comes to my work in machine learning and AI, I’ve narrowed down my focus to transformers and large language models (LLMs). The three primary resources I’m studying at the moment are:

  • NLP with Transformers and Hugging Face on cognitiveclass.ai - course

  • Build your Own Chatbot in Python on educative.io - course

  • Natural Language Processing with Transformers (Revised Edition) - book

Cognitive Class is an IBM initiative and it’s one of the best platforms to learn AI and machine learning interactively, from beginner to advanced. Educative is a paid platform; I like them because their learning approach is to not use video lectures, only text and interactive IDEs within each lesson (so, it’s very hands-on and practical). As for the book, I’m studying from it on my tablet using the stylus pen to annotate and then following with the Jupyter notebooks, provided as materials.


Alongside, I’ve been heavy on prompt engineering and prompt injection/hacking (i.e. making ChatGPT spit out information it shouldn’t). This makes me very happy because it’s a solid bridge for combining my two biggest interests: cybersecurity and AI. Here are a few very large compilations of resources in this regard:

  • Prompt Engineering Guide

  • Awesome ChatGPT

  • AI Notes by swyx

Do you know of any similar resources? Comment below or send me an email!


After a week of being away from home, I resumed my biking routine. I don’t care much that it’s a full-blown winter outside with many very cold days. It brings me pure joy when I’m pedaling.

I also started increasing the frequency of cold showers (to daily). And, given the workload in cybersecurity, I was forced to wake up earlier (slightly earlier than 8 AM). I still go to bed immediately after midnight and my goal is to be asleep by 11:30 PM. Making small progress here, don’t judge!

The most recent addition to my never-ending ‘currently reading’ list is The Serendipity Mindset by Dr. Christian Busch. I found this book via this brilliant piece of writing by swyx. Sad to say that I’m reading 24 books now. It’s not that I read from all of them every day. Not by far. I daily pick based on my mood (not always).


Notable mentions:

  • I bought and sold the same stocks multiple times (Cloudflare, Tesla, Nvidia)

  • Wanna build the next ChatGPT? - Twitter thread by yours truly

  • Privilege Escalation in Windows using 4 Tools - Twitter thread by yours truly

  • A 50-Year Quest: My Personal Journey with the Second Law of Thermodynamics - by Stephen Wolfram

  • How to get started with Machine Learning: From 0 to Engineer - Twitter thread by yours truly

  • Access GPT3 straight from the terminal - a bash script I wrote

  • ChatGPT model has improved and they started releasing the $20/mo version in the US. Looking forward to the release in other countries.

  • Why cheap pentests suck - LinkedIn post by yours truly

  • Glass AI can generate a differential diagnosis or clinical plan based on your problem representation. For doctors mostly. Try it out for free.

  • ShareGPT - A massive collection of 39,000 ChatGPT prompts, ranked!


I’ll see you in the next batch!

© 2023 Cristian Vlad Zot