Vlad Ionescu
@ucsenoi
Followers
2K
Following
21K
Media
230
Statuses
3K
Cofounder/CTO @RunSybil - Alumn @ Meta, NCC Group, Mandiant Red Team, Palantir, RIT 👻 Likes RF and deniable infra @[email protected]
NYC
Joined July 2009
Proud to be an author on this. I worked on the human uplift and autonomous cyber portions of the evals and resulting paper that helped inform current model capabilities. We have a really impressive team here, stay tuned.
With today’s launch of Llama 3.1, we release CyberSecEval 3, a wide-ranging evaluation framework for LLM security used in the development of the models. Additionally, we introduce and improve three LLM security guardrails. Summary in this 🧵, links to paper/github at bottom:
0
0
8
RT @TheRegister: Updated with some details and links about CVE-2023-4039: a security weakness found separately by Azeria Labs' @Fox0x01 and….
0
5
0
In light of BLASTPASS and Google's WebP CVE, we're sharing how to force sandbox image parsing on macOS -- an undocumented security feature from Apple.
1
18
96
I got <50 as final grade in a security fundamentals class in college and since then I’ve been working alongside some of the best security pros in the industry. I knew my stuff too, the prof just had stupid requirements for presentations and homework. Grades aren’t everything.
Flex your lowest academic low score. To remind us that almost everyone fails at some point in life but it isn't the end of the road. Just a memory in the end. Mine was 27/100 in Engineering Math 2, just a year after I'd scored 99 in 12th boards. Much needed kick in my butt.
2
1
7
RT @syndrowm: @Junior_Baines 🥶 "The problem with the lack of diversity in public offensive tooling is that it’s mirrored by a lack of diver….
0
5
0
RT @antitree: To my old or new friends leaving @NCCGroupInfosec my DMs are open to help either find you a new position or provide feedback….
0
6
0
Blue team explaining their response plan.
2
1
13
RT @LHreports: A casual selfie aboard a Cessna led us to a private jet at the heart of Europe's spyware scandal. We used its flight history….
0
170
0
The solution for 11, along with the official ones (linked) contain great ideas for dealing with tough samples, especially as Python anti-analysis is growing .
A few quick #FlareOn9 write-ups, particularly in places where I used silly methodologies to solve a problem. Not a lot, though, as I wasn't on planning any write-ups.
0
0
1
Strong work from @LennertWo again. I’m seeing lots of fault injection happening with the cheap and widely available RP2040, owing to its programmable IO feature, exciting!.
Starlink-FI by KULeuven-COSIC. Starlink User Terminal Modchip: To Manage to execute arbitrary code on the Starlink User Terminal using a custom modchip that performs voltage fault injection. #StarLink #SpaceX #Antenna #Dish #Terminal
0
0
3
Support not just your local antifa but also the varsity travel team
Photo reports of purchases from money gathered with my volunteer project Too many pictures, will post some more with expensive items. More you can find on our facebook -
0
0
3
Best case scenario? Those companies pour resources into internal security efforts, find and prevent bugs before external parties do. A pipe dream, yeah, but one we should all hope and push for.
0
1
0
This will harm security for B2B products. Companies that do business with .gov are already more eager to sweep bugs under the rug rather than honestly patch and disclose to customers. This is additional incentive to ignore, threaten, and silence researchers.
The House passed a defense spending bill saying you can't sell software to the DoD that has *any* known CVEs in it.
3
1
6
If there ever was a good week to work from home, this is it.
Really hoping everyone who was in Las Vegas last week is isolating and testing daily this week, to ensure they’re not putting others at risk.
0
0
3
Downsides of staying at a job more than a couple years: corporate cards and PGP key expiry dates suddenly matter.
1
0
2