https://dualuse.io/ Recent content in Dualuse on DUALUSE Hugo -- gohugo.io en-us Wed, 05 Jul 2023 00:00:00 +0000 https://dualuse.io/blog/llm-powered-rule-generation/ Wed, 05 Jul 2023 00:00:00 +0000 https://dualuse.io/blog/llm-powered-rule-generation/ This technical article explores in depth one way to layer embeddings powered k-nearest-neighbor (kNN) search, retrieval augmented generation, and specialist LLM tools to turn what might take a single engineer a month to complete into a task that completes in 40 minutes and costs less than $10 in OpenAI API credits. https://dualuse.io/blog/llm-powered-appsec-wins/ Tue, 30 May 2023 00:00:00 +0000 https://dualuse.io/blog/llm-powered-appsec-wins/ A steady stream of Fear, Uncertainty, and Doubt surrounding Large Language Models (LLMs) dominates the discourse; Leaking IP? Generated code with vulnerabilities? Verbatim extracts from GPL code? Will OpenAI employees learn about your top-secret plans? https://dualuse.io/blog/harnessing-the-hive-mind/ Mon, 27 Mar 2023 00:00:00 +0000 https://dualuse.io/blog/harnessing-the-hive-mind/ Crowd-sourced, open source, and customization-out-front tools continue to make noise in the security tooling marketplace. These are not new developments. We, of course, know about projects like FindBugs and select projects from OWASP. https://dualuse.io/blog/curryfinger/ Tue, 10 Sep 2019 00:00:00 +0000 https://dualuse.io/blog/curryfinger/ CURRYFINGER measures a vanilla request for a particular URL against requests directed to specific IP addresses with forced TLS SNI and HTTP Host headers. The tool takes a string edit distance, and emits matches according to a rough similarity metric threshold. https://dualuse.io/blog/alexatop/ Mon, 09 Sep 2019 00:00:00 +0000 https://dualuse.io/blog/alexatop/ I put this tool together over a weekend in order to produce a dataset for other tools I’m writing. We PoC this against the Alexa top 1m, but you might enjoy using it to find domains that land in other ranges of interest. https://dualuse.io/blog/dnspump/ Fri, 21 Jun 2019 00:00:00 +0000 https://dualuse.io/blog/dnspump/ This tool helps you deliver files to machines entirely over DNS using TXT records. Point ns records at a box, host DNSPUMP and you’re ready to roll. DNSPUMP was hastily hacked together over the course of two days and relies entirely on the excellence of Miek Gieben’s Go DNS package miekg/dns 1. https://dualuse.io/blog/gns3-dtp-short/ Tue, 29 Jan 2019 00:00:00 +0000 https://dualuse.io/blog/gns3-dtp-short/ Layer 2 attacks are ancient and the enlightened world (all 5 of us, including you) has moved on to assume that transport is broken focusing instead on application layer protections. Still, abusing these old Layer 2 defects can be fun, and occasionally the difference between failure and Access1. https://dualuse.io/blog/styling-dualuse/ Thu, 10 Jan 2019 00:00:00 +0000 https://dualuse.io/blog/styling-dualuse/ I really wanted to play around with fonts - at least 90% of building this site was an excuse to play with typesetting. Read on for invaluable notes on how to spend an excessive amount of time tweaking font styles. https://dualuse.io/blog/building-dualuse/ Wed, 09 Jan 2019 00:00:00 +0000 https://dualuse.io/blog/building-dualuse/ Publishing has always been a bit tricky for me; as a strategy to avoid generating content I hold some synthetic requirements near and dear. I look for, in any generator, control over the output - and minimalism. https://dualuse.io/blog/xenforo/ Mon, 26 Mar 2018 00:00:00 +0000 https://dualuse.io/blog/xenforo/ TL;DR - You can skip right to the results for the code. A list that recently hit Hashes.org, with 1 million records and a low crack rate, looked like an interesting target, given that the community had recovered less than 0.