Understanding Reconnaissance: Finding the Unseen

Step 1 -> Asset Discovery (Domains & Subdomains) Tools: Subfinder + DNSx Use shosubgo to extract subdomains from Shodan. Step 2 -> Probing & Port Scanning Tools: Naabu + Httpx Add -web-server in httpx to fingerprint web servers. Step 3 -> Tech Stack & Framework Detection Why? Knowing whether the app runs WordPress, Laravel, NGINX, …

Categories: Web

NMAP Tutorial

1) What is Nmap? Nmap (Network Mapper) is a free, open-source utility for network discovery and security auditing. It can discover live hosts, enumerate open ports and services, attempt service/version detection, and fingerprint operating systems — all using crafted network packets. It’s widely used by sysadmins, security engineers and penetration testers. 2) Install Nmap …

Categories: Web

Nuclei Tutorial

Practical Roadmap (Recon → Scan → Report) 1) Preparation / Installation (Kali) Note: adjust $GOPATH/bin in your PATH (e.g. export PATH=$PATH:$(go env GOPATH)/bin). 2) Collect targets (subdomains) Example combining subfinder + amass + assetfinder: 3) Check which are online (httpx) Useful options: 4) Scanning with Nuclei Basic: Filtering by tags/severity: Tips: 5) Triage / manual …

Categories: Web

Cracking Passwords with Hashcat

Introduction Password cracking — the offline brute-force attacks you hear about — remains one of the most practical ways attackers gain unauthorized access. Many apps and systems hash or encrypt sensitive data so that plaintext passwords aren’t stored and intercepted credentials aren’t easily exposed during a man-in-the-middle. Password cracking tries to reverse that protection by …

LLM Output Attacks

One of the most common sources of security vulnerabilities comes from the improper handling of untrusted data. In traditional web security, this often leads to injection attacks. Some classic examples include: LLMs and Output-Based Attacks In this module, we’ll focus specifically on output attacks against text-based models like LLMs. In real-world deployments, however, the scope …

Prompt Injection Attacks

Large Language Models (LLMs) have become powerful tools in answering questions, creating content, and even solving complex problems. But here’s the secret: the quality of what you get depends heavily on what you give. That “what you give” is known as the prompt — the input that guides the model’s behavior. A well-crafted prompt doesn’t …

Introduction to Red Teaming AI

Introduction to Red Teaming AI and Machine Learning Systems As Artificial Intelligence (AI) and Machine Learning (ML) become deeply integrated into modern technologies, securing these systems has emerged as a critical challenge. This module serves as a comprehensive introduction to red teaming AI deployments, offering learners a clear understanding of both the opportunities and the …

Applications of AI in InfoSec

Artificial Intelligence is rapidly transforming the field of cybersecurity, and understanding how to build and apply AI models is becoming an essential skill. This module serves as a hands-on introduction to AI in infosec, guiding learners through the full process of setting up an environment, working with data, and building models that can solve real-world …

Fundamentals of AI

Skills Assessment Which probabilistic algorithm, based on Bayes’ theorem, is commonly used for classification tasks such as spam filtering and sentiment analysis, and is known for its simplicity, efficiency, and good performance in real-world scenarios? Naive Bayes is popular because it is simple, fast to train, and works very well for tasks like spam detection …

File Upload Attacks

Arbitrary file upload vulnerabilities rank among the most severe weaknesses in web applications. These flaws allow attackers to upload malicious files to the server, which can then be executed to run arbitrary commands on the back-end. In the worst cases, this can lead to full server compromise, affecting all hosted applications, exposing sensitive data, or …

Password Attacks

Passwords remain the most common form of authentication within corporate networks. However, when organizations fail to enforce strong password policies, users often fall back on weak, easy-to-remember choices. These weak passwords are prime targets for offline cracking and can be exploited by attackers to escalate privileges and gain deeper access. As penetration testers, we frequently …

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) is one of the most prevalent vulnerabilities found in web applications. Exploiting an XSS flaw can let an attacker run arbitrary JavaScript in a user’s browser, potentially leading to full compromise of the web application when combined with other weaknesses. This module will guide you through identifying XSS vulnerabilities and demonstrating how …