Binomial is a collection of interesting tools, articles and stories about Cyber Security.
//Suddenly everyone is an expert.
< updated monthly, sometimes weekly >

  • AT&T Hack : An interesting twist

    As reported by Kim Zetter at Wired, AT&T paid a member of the hacking team nearly $300,000 to delete the only copy of all the data.

  • Kaspersky is shutting down its business in the United States

    Will this happen globally? “Any individual or business that continues to use Kaspersky products and services assumes all the cybersecurity and associated risks of doing so.”

  • Increased Cyber Threats during Hajj

    The Hajj pilgrimage, a sacred journey for millions of Muslims, has increasingly become a target for cyber threats. In 2024, the sophistication and frequency of these threats have escalated, posing significant risks to the security and privacy of pilgrims. This rise in cyber threats is attributed to the expanding use of digital platforms for Hajj-related…

  • Diversity : Just another Buzzword

    Diversity has become a buzzword, often seen as a necessary checkbox for compliance rather than a genuine commitment to inclusion. However, there is a specific facet of diversity that remains underappreciated and underutilized, especially in critical fields like cybersecurity: neurodiversity. Embracing neurodiversity—recognizing and valuing the unique perspectives and abilities of individuals with neurological differences such…

  • GPT-4 can now autonomously hack zero-day 

    A new study has revealed that GPT-4, the latest iteration of OpenAI’s advanced language model, has achieved the ability to autonomously identify and exploit zero-day vulnerabilities with a remarkable 53% success rate. Watch out!!

  • You Can’t Automate a Dumpster Fire

    In the glossy world of tech conferences, where the air is thick with buzzwords and promises of revolution, cybersecurity vendors stand on stage and proclaim the advent of AI as the panacea for all security issues. Their presentations are sleek, their promises grandiose. They paint a future where their “game-changing AI” technologies effortlessly fend off…

  • NIST Self Guided Courses

    NIST has recently launched three free, self-guided online introductory courses focused on the SP 800-53 security and privacy control catalog, the SP 800-53A control assessment procedures, and the SP 800-53B control baselines. These courses are designed to offer you a comprehensive introduction to the essential security and privacy risk management principles, all based on their…

  • Malware Initiated Scanning Attacks

    A great article on the increase in malware-initiated scanning attacks, where infected hosts scan targets rather than attackers using direct scans. It highlights how characteristics of scanning behaviour and known threat signatures help in detecting both known and new scanning patterns. This does not ever get boring 🙂

  • Hacking AI/LLMs

    The technology sector is continually evolving, especially with the rise of Artificial Intelligence (AI) and Large Language Models (LLMs), leading to an explosion of new applications and tools that harness their powerful features. Yet, with these advancements come potential security risks. One common method of exploiting LLMs is through prompt injection. This technique involves crafting…

  • How to Make Nmap Recognize New Services

    An easy-to-follow guide from Valtteri Lehtinen and a great first introduction to nmap if you have not used it yet. Its accuracy is unchallenged and it boasts hundreds of scripts that make it vital in every pentest engagement.

  • Disrupting malicious uses of AI

    In partnership with Microsoft Threat Intelligence, OpenAI have disrupted five state-affiliated actors that sought to use AI services in support of malicious cyber activities. They also outline the approach to detect and disrupt such actors in order to promote information sharing and transparency regarding their activities. Read in full here and also here

  • Run Llama 2 uncensored locally

    If you didn’t know, now you know. Explore here. Disclaimer: Uncensored models carry their own risk. Please use them accordingly.

  • LLM Agents can Autonomously Hack Websites

    A recent study reveals that GPT-4 possesses the capability to independently compromise websites, executing SQL injections even without pre-existing knowledge of security flaws. This development is intriguing, though it remains in the preliminary stages. The future of automated hacking involves several key strategies: Firstly, deploying teams of intelligent agents; secondly, meticulously documenting the thought processes…

  • Teapotuberhacker

    Arion Kurtaj, known by the alias “Teapotuberhacker,” executed a remarkable hack of Rockstar Games’ “Grand Theft Auto VI” while under police protection and on bail for previous hacking charges. This extraordinary event unfolded in a hotel room, where Kurtaj utilised a hotel TV, cellphone, and an Amazon Fire Stick to carry out the hack. Arion…

  • Significant Cyber Incidents

    This timeline records significant cyber incidents since 2006, focusing on cyber attacks on government agencies, defense and high tech companies, or economic crimes with losses of more than a million dollars.

  • Ransomware Diaries: Volume 1

    A favorite bookmark, just read and enjoy: Unlocking Lockbit

  • Uncontrolled Artificial Intelligence

    Artificial Intelligence has become an integral part of our lives, powering everything from our smartphones to self-driving cars. However, one critical aspect of AI development, particularly in AI models like OpenAI’s ChatGPT, is the set of controls and filters in place to prevent misuse and harmful outcomes. The question arises: What would happen if these…

  • It’s here to stay..

    Facebook is currently experiencing a surge of fake photos created by AI, which are being mistaken for real images. This was somewhat expected, but it’s still strange to see it actually happening. An artist who posted an original piece is now seeing it imitated by others using AI tools. //This presents several significant concerns This…

  • OpenAI prompting guide

    OpenAI released its own prompting guide. It’s quite good and includes examples. Here are the main tactics:

  • 2cents – 2023-2030 Australian Cyber Security Strategy

    // First this, a very brief summary: The 2023-2030 Australian Cyber Security Strategy, released by the Australian Government on November 22, 2023, serves as a comprehensive roadmap to establish Australia as a world leader in cyber security by 2030. The Strategy focuses on enhancing cyber security, managing cyber risks, and supporting citizens and businesses in…
