So I read this paper over the weekend. Naively, its a resonably interesting piece of research around using a generative AI to use descriptions of CVEs from their responsible disclosures to exploit unpatched systems autonomously. Now read that sentence again — these people prompted Chat GPT4 with CVES which didn’t have fixes yet, and had it…
Category: Security
The BeyondCorp papers
Google’s BeyondCorp effort would probably be what we would now call Zero Trust, although I am surprised by how little name recognition BeyondCorp has when I talk to security people about Zero Trust. Perhaps there are subtle differences between the two, but if there are they aren’t obvious to me. I find myself reading the…
Cisco CyberOps Associate: Official Cert Guide
I don’t think I’ve really reviewed a technical book here before, but I read the thing so I guess I should. This book is the certification guide for a “Cisco CyberOps Associate” certification, which is what they now call the CCNA Security qualification. Its a relatively junior certification, qualifying you to be a level one…
Learning from the mistakes that even big projects make
The following is a blog post version of a talk presented at pyconau 2018. Slides for the presentation can be found here (as Microsoft powerpoint, or as PDF), and a video of the talk (thanks NextDayVideo!) is below: OpenStack is an orchestration system for setting up virtual machines and associated other virtual resources such as…