Takeaways: Attacks: -Injection (silly activities could defeat an AI model, since this data is not in the training data). -Grounding (allows an AI to show false outputs, through data creation, (Search, Engine, Optimization) and then the result is shown by the AI. -Prompt Hijacking (when the context is modified by someone that does not have the authority to do it, like a user's input being treated as a developers). Exploits: -Conversation attacks to Business flaws (wrong discounts, upgrades, math) -Guardrails attacks

Takeaways: GPT is making many structured relation placement between words in different levels (layers) so different inputs could bring a set of outputs, but it's not a DB, and it's not searching for patterns within a created DB. Within the GPT answers are the alignment response rules, what would be if a response is following the user's request in spite of company intent or social or compliance rules. GPT models are not that good at making a whole story or remembering a conversation, so it's not good in making novels, but it has a window response that would be good from a user's point of view aligning to their intend. Guardrails are limits or ways to make a system in place to follow alignments. Grounding as a hallucination mechanism, providing context to the user's query through a database management (large language model), so whenever the user is asking a question that needs more info about, or that is recent, the app would bring another page, just like google would retrieve twitter webpage when someone is asking for it. AI application: Scammer response generator

Awesome videos learned a lot. I couldn't find the law bas project online you talked about, could you help me out? Thanks

May I use the video as the training material? Thank you.

How is a portal entered

I wish the movies had subtitles because I am deaf and I hardly understand and I have hearing problems

Sans is very overrated, I don’t know how they got so big

Good talk but you like to stroke your ego quite often and to say Elon doesn't know what he's talking about is a stretch

This is true AI Safety, all the closed-sourced policy holders guiding the system is doing is showing the AI how to say no to end-user. I mean alignment is not a bad thing but the block box approach is just tuning models to select what human alignment is for the user.

Thank you 🎉🎉🎉

This is only helpful for a very niche crowd. If your have to protect your network or anything like that, wasting time

Huge thanks

NGL this is probably my favourite SANS presentations ever. Retention has always been an issue of mine. With ANKI I've been able to take Tests and Exams with a high level of confidence. thanks Josh!

@4:54 The statement "Kerberos uses shared secrets for authentication in a Windows domain, there is only one, the NTLM hash" is not entirely accurate. While it is true that NTLM (NT LAN Manager) is a legacy authentication protocol used in Windows environments, Kerberos is the primary authentication protocol used in Active Directory domains. Kerberos does not rely on shared secrets in the same way as NTLM. Instead, it uses a trusted third-party authentication system and symmetric key cryptography to verify the identities of users and services within a network. Kerberos authentication involves the use of tickets and does not directly rely on the storage of password hashes. Furthermore, the statement overlooks the fact that Kerberos also involves the use of a Kerberos hash, which is derived from the user's password and is used in the authentication process. In summary, the statement oversimplifies the authentication mechanisms used in Windows domains and does not accurately represent the role of Kerberos and the use of shared secrets in the context of Windows domain authentication.

Would SEC504 provide enough preparation for this course?

Please use dark backgrounds

8:00 - all letters in English language 9:41 neural network 22:13 - AI confessing love 26:58 Hallucination 32:06 prompt engineering 40:53 - AI apology 😂 46:58 - Go game beat by human 54:00 - sequencing attack

Hi there, can I use your video for training purposes at a non for profit?

Excellent content!

Here from tryhackme

The news segments were so cringe

Please !! Discount for this course

Awesome talk 👏 Really good explanation about what AI is doing Great animations Was always engaged throughout the talk Questions need to be audible though that was the only issue

Thats informative

Thats informative

Thats informative

AAAA

I wish the courses where cheaper😢 kids like me would go broke getting this

May we use this in our staff training on security awareness for our company employee annual training?

thank you!

anyone say how to increase font size or decrease font size on burp suite

When is this course going to be available?

Fascinating stuff! Thanks for the well communicated and in-depth presentation.

Thank You for this learning material

This is really good

Very informative; thanks!!!

Great video. Just a quick question, why were the reasons you did not choose Caldera as a suitable open source C2 option ? Codially

TNice tutorials is my tNice tutorialrd ti watcNice tutorialng tNice tutorials video. I'm switcNice tutorialng over from soft One 4 to soft for my production and your video was the first one I

BROTHER, YOU ARE THE BEST!!! You oooh really helped me!! THANK YOU VERY MUCH!

This burpsuite is so useful

♥ thank you

Great presentation. Very insightful and educational!

Very Informative! Thank you,

Go Packers!

Thanks for the tutorial

You saved me. I didn't find the ctrl+space keyboard shortcut to send the request for the repeater tab anywhere googling

Ever since I learned about this I am just speechless about how this FUBAR happened. The fact that Solidity even lets this happen at all is absurd. Easily the worst programming language I've ever seen (esolangs don't count since they were intended to be bad)

How much is this course?

This was brilliant work. Thank you again for another amazing video. I really appreciated the "Attack surface management aspect". Thank you as well Chris Dale :)