Here are the slides from my @tumpicon.org talk: Teaching LLMs how to XSS - An introduction to fine-tuning and reinforcement learning (using your own GPU)
docs.google.com/presentation...
The OpenAI o3 model just achieved unbelievable scores (75% and 87%) on ARC-AGI; the previous models scored at most 20%, and humans score around 85%. arcprize.org/blog/oai-o3-...
I wrote an article about how it's possible to use Assistant Prefill to jailbreak LLMs (Large Language Models).
Here is an example of the latest model from Microsoft (Phi-4) writing a phishing email:
Great paper from Orange Tsai about Unicode transformations: worst.fit/assets/EU-24...
I wrote a blog post about enumerating and testing tool usage in web applications that use LLMs:
www.invicti.com/blog/securit...
My favorite talk from #38c3: From Pegasus to Predator - The evolution of Commercial Spyware on iOS - media.ccc.de/v/38c3-from-...
I wrote a blog post about how I use Claude Code (and other models) in my work: invicti.com/blog/securit...
I generated 20k vibe-coded web applications using various models via the OpenRouter API and analyzed them for security issues.
The apps are available for download if anyone wants to take a look.
www.invicti.com/blog/securit...
The article: www.invicti.com/blog/securit...
OpenAI o3 scores 75.7% on ARC-AGI public leaderboard.
Learn how attackers can exploit LLM tool usage and MCP servers, why this expands the attack surface, and how automated DAST scanning strengthens LLM security in web applications.
My talk explores the trajectory of iOS spyware from the initial discovery of Pegasus in 2016 to the latest cases in 2024.
The talk will ...
media.ccc.de
harisec
The Assistant Prefill feature available in many LLMs can open up models to jailbreaking, including the possibility of persistent prefills to bypass LLM safety alignments.
www.invicti.com
Learn how AI tools can support security researchers in investigating vulnerabilities and designing security checks to detect them.
invicti.com
Learn about common security issues in AI-generated software, based on an analysis of over 20,000 vibe-coded web apps.