Building a little home-server with Linux, TailScale, ProtonVPN, Docker Compose and VM support

I’ve been using a mini-computer as a home-server for the last couple of years. Originally, I used it to share files between my computers, but over time more and more services (like RSS-readers, media-libraries, home automation, etc.) were moved onto that surprisingly capable mini-server. I’ve grown up using Linux (well, I was already 16 when Linux became available around here, but you get the gist) so it always felt natural to me to just use a minimal Linux installation (Debian) instead of using some NAS that supports add-on third-party software. ...

April 5, 2025 · 13 min · 2615 words · Andreas Happe

LangGraph: Adding Plan-and-Execute Planner

Adding Plan-and-Execute Planner All sources can be found in our github history. When using LLMs for complex tasks like hacking, a common problem is that they become hyper-focused upon a single attack vector and ignore all others. They go down a “depth-first” rabbit hole and never leave it. This was experienced by me and others. Plan-and-Execute Pattern One potential solution is the ‘plan-and-solve’-pattern (often also named ‘plan-and-execute’-pattern). In this strategy, one LLM (the planner) is given the task of creating a high-level task plan based upon the user-given objective. The task plan is processed by another LLM module (the agent or executor). Basically, the next step from the task plan is taken and forwarded to the executor to solve within a limited number of steps or time. ...

October 14, 2024 · 8 min · 1607 words · Andreas Happe

LangGraph: Simplify our Tool-Calling Agent through `create_react_agent`

Simplify our Tool-Calling Agent through create_react_agent LangGraph has some amazing Prebuilt Components, one of them is the create_react_agent function that allows you to hugely simplify creating new tool-using agents. The full source code can be found within our github history. The simplified version This will be based upon our recent configuration-improved version. Similar to that version, we start by reading the configuration data, setting up our LLM, connecting to the target system via SSH, and configuring tools for usage through LLMs: ...

October 12, 2024 · 2 min · 309 words · Andreas Happe

LangGraph: Improving Configuration Handling, esp. for Tools

Improving Configuration Handling, esp. for Tools While being quite happy that the initial prototype worked within hours, its code was very prototype-y, i.e., much of its configuration was hard-coded. In a second step, we want to fix this by making our target information (the SSH connection) configurable and removing all hard-coded credentials from the code. Big Picture We are already using python-dotenv for some of our configuration so it makes sense to further utilize this for more configuration data. In the improved implementation, our .env will look like this: ...

October 11, 2024 · 5 min · 920 words · Andreas Happe

Work/Life Balance, pt. 3: Scheduling Work

The first parts of this series were about getting more done while at work as well as making it easier to switch from work into leisure mode. Both have a rather bottom-up feeling to them. In contrast, this post will be top-down: investigating my scheduling habits and trying to get them to a point where they actually protect myself from over-scheduling too much work. My Scheduling Habits thus far After years of trying different todo and task applications, I’ve settled upon a rather simplistic approach: simple markdown todo lists versioned through git. Mostly I use this for reminders, things that I need to do for work, and leisure activities such as reminding me to go do some yoga. ...

November 11, 2023 · 6 min · 1261 words · Andreas Happe

Work/Life Balance, pt. 2: Separation and Blurry Lines

While the initial experiment focused upon productivity, the main goal of this series is to improve my work/life balance. Getting more productive should just allow me to switch from work to leisure earlier. Currently I have access to my university office, so I have a nice geographical separation between Work/“The Office” and “Everything Else”. So basically I want to keep work at the Office and leisure (mostly) outside of it: getting out of the office to recover while keeping distractions out of the office to let me get out of it faster. This is primarily about the office space, my coworkers are actually part of my recovery activities such as climbing. If I didn’t have access to the university office anymore, I would have to get some shared office space. ...

October 28, 2023 · 4 min · 744 words · Andreas Happe

Work/Life Balance, pt. 1: Prelude and Experiments

Last winter I was lucky to enroll in the so-far best lecture of my PhD studies: From Surviving to Thriving: Crafting your good personal Life by the great Geraldine Fitzpatrick. The course was about stress, mindfulness, crafting, productivity.. nothing mind-blowing nor rocket science but comprehensive, accessible, and charmingly presented. Recently I read Do Nothing which I thoroughly enjoyed. Maybe it’s time to experiment with my time (or rather life) management.. My Background Just to give a bit of context: I am 41 and by now am back in Academia doing a PhD about the intersection of computer security and machine learning while I freelance as a pen-tester and do commercial security training workshops/talks, mostly about secure development and/or web security. ...

October 27, 2023 · 6 min · 1091 words · Andreas Happe

Understanding Hackers' Work: An Empirical Study of Offensive Security Practitioners

Presented at FSE'23 in San Francisco, US, arxiv version: Offensive security-tests are a common way to pro-actively discover potential vulnerabilities. They are performed by specialists, often called penetration-testers or white-hat hackers. The chronic lack of available white-hat hackers prevents sufficient security test coverage of software. Research into automation tries to alleviate this problem by improving the efficiency of security testing. To achieve this, researchers and tool builders need a solid understanding of how hackers work, their assumptions, and pain points. In this paper, we present a first data-driven exploratory qualitative study of twelve security professionals, their work and problems occurring therein. We perform a thematic analysis to gain insights into the execution of security assignments, hackers’ thought processes and encountered challenges. This analysis allows us to conclude with recommendations for researchers and tool builders to increase the efficiency of their automation and identify novel areas for research. ...

August 23, 2023 · 1 min · 147 words · Andreas Happe

Getting pwn'd by AI: Penetration Testing with Large Language Models

Presented at FSE'23 in San Francisco, US, arxiv version: The field of software security testing, more specifically penetration testing, is an activity that requires high levels of expertise and involves many manual testing and analysis steps. This paper explores the potential usage of large-language models, such as GPT3.5, to augment penetration testers with AI sparring partners. We explore the feasibility of supplementing penetration testers with AI models for two distinct use cases: high-level task planning for security testing assignments and low-level vulnerability hunting within a vulnerable virtual machine. For the latter, we implemented a closed-feedback loop between LLM-generated low-level actions with a vulnerable virtual machine (connected through SSH) and allowed the LLM to analyze the machine state for vulnerabilities and suggest concrete attack vectors which were automatically executed within the virtual machine. We discuss promising initial results, detail avenues for improvement, and close deliberating on the ethics of providing AI-based sparring partners. ...

August 17, 2023 · 1 min · 152 words · Andreas Happe

Using WSL2 to hide from EDR

TL;DR WSL2 seems to be one big lolbin when it comes to EDR Scenario/Background During a recent assumed-breach pen-test assignment I was stranded as a low-level user on a fully-updated Windows 10 Enterprise system (10.0.19045) including a deployed CrowdStrike Falcon EDR suite (6.49.16303.0). As I respect CrowdStrike I did not want to execute any malicious scripts on the host, so what to do? WSL2 to the rescue! Installation was done quite comfortably through the company’s Software Center, no local administrative rights required. ...

January 27, 2023 · 5 min · 974 words · Andreas Happe