UNDERCODE COMMUNITY
Forwarded from Exploiting Crew (Pr1vAt3)
Threat modeling GenAI Workloads: Don't Skip This

Threat modeling is one of the oldest aspects of cybersecurity; as early as 1977, some form of threat model was leveraged to understand the risks against systems.

However, threat modeling is not commonly practiced because it is manual and time-intensive. But is it worth the time, effort & resources? Hell YES. The value of threat modeling continually increases as our systems become more complex.

Yes, your GenAI workloads aren't exempt!

GOOD NEWS -> There are abundant resources that help streamline threat modeling by automating several steps.

The Threat Composer tool from Amazon Web Services (AWS) is one such tool.

A recent AWS blog post provides a recommended approach for threat modeling GenAI workloads using Threat Composer. Adam Shostack's four-question framework is used as a guide.

Check out the blog post here - https://lnkd.in/g6i4zSpN

Here is a quick summary:

1๏ธโƒฃ What are we working on?
Aims to get a detailed understanding of your business context & application architecture. Example outcomes are Data Flow Diagrams, assumptions, and key design decisions.

2๏ธโƒฃ What can go wrong?
Identify possible threats to your application using the context & information gathered from the previous question. Leverage info sources e.g. OWASP Top 10 For Large Language Model Applications & Generative AI, MITRE ATLAS

3๏ธโƒฃ What are we going to do about it?
Consider which controls would be appropriate to mitigate the risks associated with the threats identified in the previous question. Some info sources (per previous question) have sections for mitigations which could be super useful.

4๏ธโƒฃ Did we do a good enough job?
Contrary to popular opinions, threat modeling exercises do not end after the actual activity ! Its important to verify the effectiveness of the implemented mitigations to determine if the identified risks have been addressed. Use penetration testing, adversary emulation etc to proactively evaluate the effectiveness of implemented mitigations.

Ref: Kennedy T
@UndercodeCommunity
▁ ▂ ▄ UnDeRCoDe ▄ ▂ ▁
Forwarded from UNDERCODE TESTING
Attachment: html injection.pdf (381.2 KB)
Understanding HTML Injection

HTML injection is a type of attack where malicious HTML code is inserted into a website. This can lead to a variety of issues, from minor website defacement to serious data breaches. Unlike other web vulnerabilities, HTML injection targets the markup language that forms the backbone of most websites.
This attack differs from other web vulnerabilities that exploit server or database weaknesses because it focuses on manipulating the structure and content of a webpage.

Ref: Mehedi Hasan Babu
Forwarded from Exploiting Crew (Pr1vAt3)
IAM vs. PAM: Understanding the Key Differences

In today's rapidly evolving cybersecurity landscape, managing access and securing sensitive data is more critical than ever. Two foundational tools in this effort are Identity and Access Management (IAM) and Privileged Access Management (PAM). While both are essential, they serve distinct purposes:

Identity and Access Management (IAM)

- Focus: Managing identities and access rights for all users.
- Scope: Broader, covering employees, contractors, partners, and even devices.
- Key Functions: Authentication, Single Sign-On (SSO), user provisioning/de-provisioning, governance, and compliance reporting.
- Goal: Streamlining access across the IT ecosystem while improving operational efficiency and ensuring compliance.

Privileged Access Management (PAM)

- Focus: Securing and controlling access to privileged accounts with elevated permissions.
- Scope: Narrower, targeting administrators, IT staff, service accounts, and third-party vendors.
- Key Functions: Credential vaulting, session monitoring, least privilege enforcement, and just-in-time access.
- Goal: Protecting critical systems and sensitive data from breaches or abuse of high-risk accounts.

Implementing both IAM and PAM creates a layered security approach. IAM ensures proper access for all users, while PAM locks down high-risk areas, minimizing vulnerabilities and adhering to the Zero Trust framework.

This visual summary (attached) simplifies the key differences and highlights how these tools work together to strengthen cybersecurity.

Ref: Fadi Kazdar
Forwarded from Exploiting Crew (Pr1vAt3)
Understanding Modern Cybersecurity Tools: EDR, XDR, SOAR, SIEM, and Integrated Solutions

Navigating the world of cybersecurity solutions can be complex. Each tool serves a unique purpose, but understanding their differences is crucial for building an effective security strategy. Here's a quick comparison:

- EDR (Endpoint Detection and Response): Focuses on endpoint security by detecting/responding to threats on devices like laptops and servers. Great for organizations with endpoint-centric threats.

- XDR (Extended Detection and Response): Expands visibility across endpoints, networks, and cloud environments, providing unified threat detection across domains.

- SOAR (Security Orchestration, Automation, and Response): Automates and streamlines incident response processes, saving time and improving efficiency.

- SIEM (Security Information and Event Management): Offers centralized log management and real-time monitoring for identifying and correlating security events.

- Integrated Solution (EDR + XDR + SOAR + SIEM): Combines the strengths of all these tools for holistic threat detection, response, and seamless integration.

Ref: Fadi Kazdar
Forwarded from Exploiting Crew (Pr1vAt3)
๐Ÿฆ‘๐ƒ๐Ž๐Œ ๐—๐’๐’ Testing Method

While "DOM Invader" is not a new feature of Burp, I feel that a lot of people don't use it enough (or are not aware of it).

It works by submitting a random string generated by Burp (named "canary") in existing input fields or URL parameters.

Then "DOM Invader" will check how your input is processed, providing you with the necessary context and sanitization details.

1. Start Burp Browser
2. Turn on the DOM Invader
3. Copy and Paste the canary in the target input field or URL parameter
4. Check the DOM Invader tab for "Interesting sinks"
5. Craft the payload or use the "Exploit" option to automate

Ref: Andrei Agape
Forwarded from Exploiting Crew (Pr1vAt3)
Malware detection bypass:

Misusing Structured Exception Handlers

In malware analysis, one common anti-disassembly technique is Structured Exception Handling (SEH) manipulation.

SEH is a mechanism in Windows for managing exceptions, but it can also be exploited to confuse disassemblers and debuggers. By injecting fake exception records into the SEH chain, attackers can redirect program flow, making it difficult for static analysis tools to follow the actual execution path. This redirection not only complicates reverse engineering but also disrupts debugging processes, forcing tools to misinterpret or skip over key code sections.

Ref: Ait Ichou Mustapha