Simple Cybersecurity LLM Chatbot sorta [2024-03-18]

Posted on Mon 18 March 2024 in Thought • Tagged with security, LLM, AI, mistral, llama2

Why?

Because why not? I've already built a couple of LLM-specific focus bots that are truly locally hosted. But, documenting the process? That's new to me. Plus, I aimed for this to be a self-contained/isolated application. So, in this event, I wanted to document the basic setup since I …



Alert Severity Context [2024-02-22]

Posted on Thu 22 February 2024 in Thought • Tagged with alerts, malware, vulnerabilities, security, IT, devops, sre, lgd

Earlier, I was having a discussion with some friends about what feeds into alert severity. Given our background in cybersecurity, we've seen our fair share of security alerts, but also a fair amount outside of the security domain (think IT, SRE, DevOps, compliance, business risk, etc.). So, what goes into …



macOS VM prep on Apple Silicon [2024-02-19]

Posted on Mon 19 February 2024 in Thought • Tagged with RE, reverse engineering, macOS, exploit dev, VM, virtual machine

macOS setup on silicon

Setting up virtual machines (VMs) has always been fun for me, yet it seems to be a practice from the past. When setting up a VM of macOS Sonoma on Apple Silicon, particularly the Apple M1 Max with 64GB of memory, I was in search of …



Reverse Engineering and Decompilers [2024-02-10]

Posted on Sat 10 February 2024 in Thought • Tagged with RE, decompilers, reverse engineering

Diving Back into Code

I have been delving back into some lower-level code, specifically assembly. The goal is essentially a refresher for me on reverse engineering and exploit development techniques. It has been refreshing to relearn some of the techniques and tooling available today.

Currently, I have been experimenting with …



Prioritizing Cybersecurity Vulnerabilities

Posted on Mon 03 April 2023 in Thought, Cybersecurity, Vulnerability Management, CVSS, CVE

The topic of vulnerability management and prioritization has been garnering significant attention lately. Traditional methods of prioritizing vulnerabilities often rely on the Common Vulnerability Scoring System (CVSS) or severity ratings, such as critical, high, medium, and low.

However, CVSS and severity ratings lack context, limiting their effectiveness as prioritization systems …

