

The Insider Weekly #7 - Too Many Pentests | Prompt Engineering/Injection | Serendipity
A huge rollercoaster! That’s what last week felt like.
I have too many things to say. Some in today’s newsletter, and some in future posts throughout the week. Thou shalt subscribe now!
Starting with my work in cybersecurity.
I’ve performed 3 pentests this week. One was a hybrid pentest with Intigriti. I found two vulnerabilities of exceptional severity, among other low-hanging fruits. And it felt great! (for me, less for the client). The other two were: an external pentest and a web app pentest; business as usual. I had a great kickstart in 2023, having completed 11 security assessments in January alone.
On another note, the other day I was invited to three new private bug bounty programs on Bug Bounty Switzerland. I’ll be playing with their mobile apps, whenever I find some time from my main focus, the pentests, which are paid projects.
Also, I’ve been asked to submit a quote for a pentest for a very large company that everyone has heard of. If it’s accepted, it’s probably gonna be my biggest security assessment so far. It’s gonna be a bit overwhelming and I’m not sure I really want it to be accepted. That’s why I quoted big.
Speaking of cybersecurity, I teamed up with Appsec Engineer for a massive giveaway. They’re giving away an annual PRO subscription to their learning platform to one of my followers. You might want to check out this thread on Twitter if you want to participate.
When it comes to my work in machine learning and AI, I’ve narrowed down my focus to transformers and large language models (LLMs). The three primary resources I’m studying at the moment are:
NLP with Transformers and Hugging Face on cognitiveclass.ai - course
Build your Own Chatbot in Python on educative.io - course
Natural Language Processing with Transformers (Revised Edition) - book
Cognitive Class is an IBM initiative and it’s one of the best platforms to learn AI and machine learning interactively, from beginner to advanced. Educative is a paid platform; I like them because their learning approach is to not use video lectures, only text and interactive IDEs within each lesson (so, it’s very hands-on and practical). As for the book, I’m studying from it on my tablet using the stylus pen to annotate and then following with the Jupyter notebooks, provided as materials.
Alongside, I’ve been heavy on prompt engineering and prompt injection/hacking (i.e. making ChatGPT spit out information it shouldn’t). This makes me very happy because it’s a solid bridge for combining my two biggest interests: cybersecurity and AI. Here are a few very large compilations of resources in this regard:
Do you know of any similar resources? Comment below or send me an email!
After a week of being away from home, I resumed my biking routine. I don’t care much that it’s a full-blown winter outside with many very cold days. It brings me pure joy when I’m pedaling.
I also started increasing the frequency of cold showers (to daily). And, given the workload in cybersecurity, I was forced to wake up earlier (slightly earlier than 8 AM). I still go to bed immediately after midnight and my goal is to be asleep by 11:30 PM. Making small progress here, don’t judge!
The most recent addition to my never-ending ‘currently reading’ list is The Serendipity Mindset by Dr. Christian Busch. I found this book via this brilliant piece of writing by swyx. Sad to say that I’m reading 24 books now. It’s not that I read from all of them every day. Not by far. I daily pick based on my mood (not always).
Notable mentions:
I bought and sold the same stocks multiple times (Cloudflare, Tesla, Nvidia)
Wanna build the next ChatGPT? - Twitter thread by yours truly
Privilege Escalation in Windows using 4 Tools - Twitter thread by yours truly
A 50-Year Quest: My Personal Journey with the Second Law of Thermodynamics - by Stephen Wolfram
How to get started with Machine Learning: From 0 to Engineer - Twitter thread by yours truly
Access GPT3 straight from the terminal - a bash script I wrote
ChatGPT model has improved and they started releasing the $20/mo version in the US. Looking forward to the release in other countries.
Why cheap pentests suck - LinkedIn post by yours truly
Glass AI can generate a differential diagnosis or clinical plan based on your problem representation. For doctors mostly. Try it out for free.
ShareGPT - A massive collection of 39,000 ChatGPT prompts, ranked!
I’ll see you in the next batch!