Notices by Alexandre Dulaunoy (adulau@infosec.exchange)

Embed this notice
Alexandre Dulaunoy (adulau@infosec.exchange)'s status on Friday, 15-Nov-2024 19:12:56 JST Alexandre Dulaunoy
- IFTAS
@iftas Do you share the hashes ? it might be useful for many other open source projects.

In conversation about 10 days ago from infosec.exchange permalink
Embed this notice
Alexandre Dulaunoy (adulau@infosec.exchange)'s status on Friday, 15-Nov-2024 19:12:46 JST Alexandre Dulaunoy
- Jaz (IFTAS)
@jaz
The importance of sharing CSAM detection indicators cannot be overstated, it significantly improves detection at scale. Despite multiple requests for #DFIR activities, we were denied access to these databases. This restriction is a missed opportunity, as it limits detection capabilities.
Frankly, I don’t see the risks of sharing these indicators. The cybersecurity community has been sharing IoCs, malware hashes, and domains for years. Why should CSAM indicators be treated differently? With technologies like encrypted Bloom filters, even public sharing can be done securely.
If we truly want broad and effective detection in #fediverse and other social networks, we need widespread sharing of CSAM indicators.

In conversation about 10 days ago from infosec.exchange permalink
Embed this notice
Alexandre Dulaunoy (adulau@infosec.exchange)'s status on Thursday, 19-Sep-2024 05:52:48 JST Alexandre Dulaunoy

A funny phishing targeting GitHub users with an email notification about a security issue on a existing repository.
Then the captcha verification on a malicious website is trying to trick the user to run a shell command on Windows.
🔗 Powershell to be executed by the user
https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473
🔗 File downloaded https://pandora.circl.lu/analysis/21e8f693-361b-4a04-853c-276f9dd841e4/seed-1XqUr4mADaFYlLAyrBH8oQUBgOoEbceZ586b8h05YyA - Lumma Stealer
🔗 Malicious domain analysis. https://lookyloo.circl.lu/tree/91106035-dfec-4acc-af06-c9fc36c62774
#malware #malwareanalysis #infosec
In conversation about 2 months ago from infosec.exchange permalink
Attachments
1. Second step of this phishing execution. Trying to lure the user to execute a powershell. https://gist.github.com/adulau/6cf6f3e9c5bbd9106af8814d0a22f473
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/113/160/470/862/757/558/original/529545749cc9d6ca.png
2. Domain not in remote thumbnail source whitelist: github.githubassets.com
  
  Malicious captcha for Windows user
  
  from adulau
  
  Malicious captcha for Windows user
3. No result found on File_thumbnail lookup.
  
  Pandora - Analysis of l6E.exe
4. Domain not in remote thumbnail source whitelist: lookyloo.circl.lu
  
  Lookyloo capture
  
  URL captured: https://github-scanner.com
Embed this notice
Alexandre Dulaunoy (adulau@infosec.exchange)'s status on Thursday, 30-Nov-2023 19:18:22 JST Alexandre Dulaunoy

Extracting Training Data from ChatGPT
I’m wondering if OpenAI requested a CVE for the disclosure of this vulnerability.
#llm #llms #openai #vulnerability #chatgpt
🔗 https://not-just-memorization.github.io/extracting-training-data-from-chatgpt.html
🔗 https://arxiv.org/abs/2311.17035
In conversation about a year ago from infosec.exchange permalink
Attachments
1. Domain not in remote thumbnail source whitelist: not-just-memorization.github.io
  
  Extracting Training Data from ChatGPT
2. Domain not in remote thumbnail source whitelist: static.arxiv.org
  
  Scalable Extraction of Training Data from (Production) Language Models
  
  This paper studies extractable memorization: training data that an adversary can efficiently extract by querying a machine learning model without prior knowledge of the training dataset. We show an adversary can extract gigabytes of training data from open-source language models like Pythia or GPT-Neo, semi-open models like LLaMA or Falcon, and closed models like ChatGPT. Existing techniques from the literature suffice to attack unaligned models; in order to attack the aligned ChatGPT, we develop a new divergence attack that causes the model to diverge from its chatbot-style generations and emit training data at a rate 150x higher than when behaving properly. Our methods show practical attacks can recover far more data than previously thought, and reveal that current alignment techniques do not eliminate memorization.
Embed this notice
Alexandre Dulaunoy (adulau@infosec.exchange)'s status on Friday, 27-Oct-2023 18:17:10 JST Alexandre Dulaunoy
- Signal
- jvoisin
Digging a little bit in the some ICC profiles added in signal-app, I updated the original issue and there is clearly an issue where new ICC profiles are created from the Google skia library.
https://github.com/signalapp/Signal-Desktop/issues/6031#issuecomment-1702432836
This issue only appears when the media-quality is to high. Maybe an allow-list strategy like the mat2 tool written by @jvoisin would be better to be sure that new metadata created are discarded by default.
@signalapp
#privacy #signal #signalapp #metadata
In conversation about a year ago from infosec.exchange permalink
Attachments
1. Dependencies among SignalApp and where the ICC profiles are created from which includes the Google copyright.
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/110/989/239/354/120/776/original/784eef0aacd6c835.png
2. Domain not in remote thumbnail source whitelist: opengraph.githubassets.com
  
  Signal Desktop inserts invalid information (including copyright information) into photo exif data · Issue #6031 · signalapp/Signal-Desktop
  
  I took a picture of an object, when sending a photo to Signal (in a private message) and uploading it to a PC through Signal Desktop, I get an excessive amount of metadata (exif), and the worst tag...

Public

Notices by Alexandre Dulaunoy (adulau@infosec.exchange)

User actions

Following 0

Followers 0

Groups 0

Statistics

Feeds