101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl, the oldest Polish Mastodon server. We allow posts of up to 2048 characters.


#audit


Discover 12 AI Tools to automate your pentest and cybersecurity audits-3 🧠⚔

#AI #tool #pentest #cybersecurity #audit

11. 📉 Garak (github.com/NVIDIA/garak)
NVIDIA’s tool for red-teaming and probing LLMs, designed to test model safety, robustness, and leakage.
12. 🧭 Auto Recon LLM (github.com/CyberSecurityUP/aut)
Automates the reconnaissance phase using LLMs to interpret recon output and make tactical decisions.

GitHub - NVIDIA/garak: the LLM vulnerability scanner

Discover 12 AI Tools to automate your pentest and cybersecurity audits-2 🧠⚔

#AI #tool #pentest #cybersecurity #audit

6. 🧩 Nuclei AI Extension (github.com/projectdiscovery/nu)
Official extension for Nuclei that uses AI to suggest and create new detection templates from HTTP responses.
7. 💣 HackGPT (github.com/NoDataFound/hackGPT)
A GPT-powered hacking CLI to assist with payload crafting, bypass techniques, and offensive scripting.
8. 🛡 AutorizePro (github.com/WuliRuler/AutorizeP)
Authorization fuzzing tool with GPT integration to generate smarter test cases and detect access control issues.
9. ☁ CloudGPT (github.com/ustayready/cloudgpt)
Uses GPT to identify misconfigurations and vulnerabilities in cloud environments like AWS, GCP, and Azure.
10. 📦 K8sGPT (github.com/k8sgpt-ai/k8sgpt/)
Diagnoses misconfigurations and vulnerabilities in Kubernetes clusters, explained in natural language via LLMs.

GitHub - projectdiscovery/nuclei-ai-extension: Nuclei AI - Browser Extension for Rapid Nuclei Template Generation

Discover 12 AI Tools to automate your pentest and cybersecurity audits-1 🧠⚔

#AI #tool #pentest #cybersecurity #audit

1. 🧠 PentestGPT (github.com/GreyDGL/PentestGPT)
LLM-based tool that simulates a step-by-step penetration testing process, emulating a realistic attack workflow.
2. 🤖 Auto-Pentest-GPT-AI (github.com/Armur-Ai/Auto-Pente)
An AI-powered framework using GPT-4 to perform automated pentests with logical, chain-of-thought exploration.
3. 🔍 BurpGPT (github.com/aress31/burpgpt)
A Burp Suite extension that integrates GPT to analyze requests/responses and suggest payloads or detect vulnerabilities.
4. 🌐 ReconAIzer (github.com/hisxo/ReconAIzer)
An AI-driven reconnaissance assistant using GPT-4 to interpret recon tool results and recommend next steps.
5. 🔐 PassGAN (github.com/brannondorsey/PassG)
A generative adversarial network trained to generate real-world passwords based on leaked data — a smart brute-force ally.

GitHub - GreyDGL/PentestGPT: A GPT-empowered penetration testing tool

Day 12 cont 💰🧧🇨🇳

The #Liberals have a candidate problem continued:

“Liberal #candidate #ScottYung and party officials have declined to answer detailed #questions about whether his use of #Chinese celebrities and a public relations firm in the 2019 #StateElection complied with official #guidelines, as the Liberal party confirms an #audit of campaign disclosures.

A private dinner at a “luxurious venue” in #Sydney to raise #CampaignFunds for Yung, featuring the former Liberal prime minister #TonyAbbott, has also been cancelled without explanation.”

“Wishing the talented young Chinese Mr #RongSicheng [Scott Yung] has great success ahead and a boundless future! All the best! I’m #ZhangTielin from #Beijing, #China.”

The cursed Liberal Christian name “Scott” strikes again.

#AusPol / #LNP / #Bennelong / #Kogarah <theguardian.com/australia-news>

The Guardian · Bennelong Liberal candidate declines to say whether Chinese celebrity endorsements complied with guidelines · By Henry Belot

"#DOGE appears to have completely eschewed the existing processes for actually rooting out waste, #fraud, and abuse.

“An #audit that follows Generally Accepted Government Auditing Standards (GAGAS)... That is the gold standard for how you audit the #government.”

There are generally five phases of a GAGAS audit, the auditors tell WIRED: planning, evidence gathering, evaluation, reporting, & follow up."
wired.com/story/federal-audito

#ElonMusk #Musk #Coup

‘It’s a Heist’: Real Federal Auditors Are Horrified by DOGE

WIRED talked to actual federal auditors about how #government auditing works—and how DOGE is doing the opposite.
wired.com/story/federal-audito

"federal #auditors with years of #experience... say that DOGE’s actions are the furthest thing from what an actual #audit looks like...

“Honestly, comparing real #auditing to what #DOGE is doing, there’s no comparison... None of them are auditors”

#ElonMusk #Musk #Coup

Had a call today with one of those security compliance vendors (eg SOC2 platform) stuff. I could have closed my eyes and been at a used car dealer.

- What else are you looking at? Really wanted specific names.
- I can do a deal, just need to check with finance
- A number of add-ons available at 5k+ each
- How long would you sign for?
- Can fit so much automation and AI in this bad-boy you won't have to do anything.


The nuance that seems to come up is parent records with child records - i.e. if you remove the association, the associated child audit entries disappear.

It's easier to see the issue if you remove this type of record keeping to other situations - i.e. if a foster parent looks after a child, say the kid breaks a leg playing football while under the care of the carer, then the kid moves on…. You'd want to know that both the kid had the accident with the carer and that the carer looked after a kid that had an accident while with them. Both sets of information either end are needed. The accident shouldn't disappear from the carer's record.

Yet you hear this from system designers or developers.

I’m starting to think that anyone who designs or builds systems that handle data should do a basic bookkeeping course that covers how double entry works.

The accountants managed to work out for us since the 13th Century that if you move money from A to B, both A and B need an audit entry describing the movement each way. Write only - nothing is removed. Yet I don’t see an equivalent teaching in the various system design books, despite this concept being fundamental to any system that needs (financial and non-financial) auditing capabilities.
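
The double-entry idea from the post above, as an added example that is not part of the original thread: each event is written once per side, and the audit table rejects updates and deletes, so removing the association leaves both histories intact. The table, column and function names and the sample ids are assumptions made for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE placement (carer_id INTEGER, child_id INTEGER,
    PRIMARY KEY (carer_id, child_id));  -- mutable carer/child association
CREATE TABLE audit_entry (        -- append-only, deliberately no FK to placement
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    owner_kind TEXT NOT NULL,     -- whose history this row belongs to
    owner_id   INTEGER NOT NULL,
    other_kind TEXT NOT NULL,     -- counterparty, copied by value
    other_id   INTEGER NOT NULL,
    event      TEXT NOT NULL
);
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_entry
BEGIN SELECT RAISE(ABORT, 'audit_entry is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_entry
BEGIN SELECT RAISE(ABORT, 'audit_entry is append-only'); END;
"""

def record_event(db, carer_id, child_id, event):
    """Write one entry per side in one transaction, like a debit and a credit."""
    rows = [("carer", carer_id, "child", child_id, event),
            ("child", child_id, "carer", carer_id, event)]
    with db:  # both rows commit together or neither does
        db.executemany("INSERT INTO audit_entry (owner_kind, owner_id, other_kind,"
                       " other_id, event) VALUES (?, ?, ?, ?, ?)", rows)

def history(db, kind, owner_id):
    return db.execute("SELECT other_kind, other_id, event FROM audit_entry WHERE"
                      " owner_kind = ? AND owner_id = ? ORDER BY id",
                      (kind, owner_id)).fetchall()

def tamper_rejected(db, sql):
    """True if the triggers abort an UPDATE or DELETE against audit_entry."""
    try:
        with db:
            db.execute(sql)
    except sqlite3.DatabaseError:
        return True
    return False

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO placement VALUES (1, 7)")  # constructed sample ids
    record_event(db, 1, 7, "child broke leg playing football")
    with db:
        db.execute("DELETE FROM placement")  # association removed
    return db
```

The triggers only stop ordinary application writes; an account that can drop triggers or edit the database file can still alter history, so the audit table's owner should be separate from the application role.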