Yesterday Anthropic released Claude-2 in the US and UK, and if you are familiar with Chat-GPT, this may get you very excited.
Claude-2 has a similar chat interface, but has been trained using a more recent dataset (ending in early 2023) supporting 75,000 words of context. The larger context means you can use it for bigger .pdfs, documents, and reports and get output in seconds. For businesses, the API could be significantly cheaper than Chat-GPT too. Claude-2 is/was trained using a rulebook (constitution) so it may be less likely to generate harmful or problematic content. Finally privacy: from my recent conversation with Claude-2: Me: "Should I have privacy concerns when I work with you?" Claude-2: "You raise a fair question. As an AI system created by Anthropic to be helpful, harmless, and honest, I'm designed to protect user privacy and security. Here are a few key points about how I handle your personal information: I do not collect any private or personally identifiable data from you during our conversations. I only have access to our dialog. I do not share, store or document any part of our conversations elsewhere. Everything stays between us. I do not have access to any other information about you or your device/accounts. I can only interact based on what you provide in our chat. Anthropic engineered me using constitutional AI techniques so I operate in a limited, transparent and controllable way to mitigate risks. I provide explanations when asked to be clear about my capabilities and limitations. You should not have to worry about any privacy or security risks from conversing with me. My role is to provide helpful information to you, while respecting your personal boundaries. If you have any other concerns, please let me know and I'm happy to discuss further! Maintaining user trust through privacy protection and honesty is central to my purpose." We are still testing it, but at this point, Claude-2 is certainly saying the right things! Try it here: Anthropic https://www.danswer.ai Danswer allows you to ask natural language questions against internal documents and get back reliable answers backed by quotes and references from the source material so that you can always trust what you get back. You can connect to a number of common tools such as Slack, GitHub, Confluence, amongst others. Check out our Video Demo! Features 💃
If you don't have DMARC set up for your mail, this is an easy way to get started:
Enter your domain to start the DMARC Setup Do Something. Measure It. Welcome to the DMARC Setup Guide. The purpose of this setup guide is to guide your organization through the process of creating a DMARC policy, as well as policies for Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). By implementing all three policies, your organization will have a stronger email authentication mechanism in place to help protect the brand. The first step is confirming whether not your organization is using any of the three policies. Please input the domain from your organization's email address, exactly as it appears after the @ symbol in the email address. For example, the following email address, [email protected], the domain to input in the text box is globalcyberalliance.org https://dmarcguide.globalcyberalliance.org/#/ I love this one! You will too if you've overseen the costs associated with pentesting recently.
https://github.com/GreyDGL/PentestGPT. PentestGPT is a penetration testing tool empowered by ChatGPT.
YouTube | Gelei Deng This is pretty cool.
This is a way to request access for a specified time period, validate whether there is a legitimate need, and grant time-bound access. It also allows you to monitor activities performed, and revoke access if conditions change. Temporary elevated access can help you to reduce risks associated with human access without hindering operational capabilities. check it all out here: https://aws.amazon.com/blogs/security/temporary-elevated-access-management-with-iam-identity-center/ We just found this in our back pocket and thought some of you might be interested in your own LLaMA
Whether you create your own instance or just read about what went into the dataset and training of this one it's still pretty interesting. The current release is only a preview of what the complete OpenLLaMA release will offer. We are currently focused on completing the training process on the entire RedPajama dataset. This can gives us a good apple-to-apple comparison between the original LLaMA and our OpenLLaMA. Other than the 7B model, we are also training a smaller 3B model in hope of facilitating language model usage in low resource use cases. https://github.com/openlm-research/open_llama If you use Google Workspace, this is a wonderful ... sometimes even awesome.... list of code snippets you can use to be even more productive.
https://googleworkspace.github.io/awesome-workspace?languages=python Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.
Exploit Prediction Scoring System (EPSS) estimates the likelihood that a software vulnerability will be exploited in the wild. CISA publishes a list of known exploited vulnerabilities. This projects downloads the information from the three sources and combines them into one list. Scanners show you the CVE number and the CVSS score, but do often not export the full details like "exploitabilityScore" or "userInteractionRequired". By adding the EPSS score you get more options to select what to do first and filter on the thresholds which makes sense for your environment. You can use the information to enrich the information provided from your vulnerability scanner like OpenVAS to prioritize remediation. You can use tools like PowerBI to combine the results from the vulnerability scanner with the information downloaded by the script in the repository. After the download the required information will be extracted, formatted, and output files will be generated. CVSS, EPSS and a combined file of all CVE information will be available. Outputs are available in json and csv formats. Additionally the information is imported into a sqlite database. The goal was not performance or efficiency. Instead the script is written in a simple way. Multiple steps are made to make easier to understand and traceable. Try it! https://github.com/trinitor/CVE-Vulnerability-Information-Download Identify anonymous site visitors with 99.5% accuracy to prevent online fraud. Interesting tool that assigns a fingerprint to each visitor, ostensibly to help you prevent abuse of your site or service.
As the data collector, though if you have to comply with GDPR, the burden is on you. * Fingerprint is compliant as the data processor. You need to be compliant as the data controller and use identification for fraud prevention under legitimate interest or ask for user consent. Try their demo to get a handle on what is being done https://fingerprint.com/demo/ Free version handles up to 20,000 identifications per month. 𝗥𝗲𝘃𝗲𝗿𝘀𝗲 𝗘𝗻𝗴𝗶𝗻𝗲𝗲𝗿𝗶𝗻𝗴
Reverse Engineering for Beginners by Ophir Harpaz https://www.begin.re/ Reverse Engineering for Everyone by Kevin Thomas (My Technotalent) https://0xinfection.github.io/reversing/ Reverse Engineering for beginners by Dennis Yurichev (available in many languages) https://beginners.re/main.html Reverse Engineering 101 by 0x00 (with exercises) https://0x00sec.org/t/reverse-engineering-101/1233 𝗠𝗮𝗹𝘄𝗮𝗿𝗲 𝗔𝗻𝗮𝗹𝘆𝘀𝗶𝘀 Malware Analysis In 5+ Hours - Full Course - Learn Practical Malware Analysis! by HuskyHacks https://youtu.be/qA0YcYMRWyI Malware Analysis – Mind Map by Thatintel https://thatintel.blog/2016/05/30/malware-analysis-mind-map/ Malware Analysis Tutorials: a Reverse Engineering Approach by Dr Xiang Fu http://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html |
Author: <see article>
These links serve as tributes to those who have written them. Please find contributor details in the links provided Archives
April 2024
Categories |