Fred Rohrer's Blog

Docker And Why It Adds False Security: A Deep Dive into Docker Risks and Fixes

Docker has revolutionized the way we build, ship, and run applications by leveraging containerization. However, beneath its convenience lies a critical concern: if not secured properly, breaking out of a Docker container to gain access to the host system is alarmingly easy. This article explores why Docker containers can be

OWASP

Understanding the OWASP Top 10 for LLMs: Risks and Controls

Understanding the OWASP Top 10 for LLMs: Risks and Controls 1. Prompt Injection Prompt injection occurs when malicious inputs manipulate a Large Language Model (LLM) into executing unintended actions or revealing sensitive data. Attackers craft inputs that override the model’s instructions, potentially leading to data leaks or unauthorized actions.

AI

The AI Revolution: Why Discernment is the Skill of Tomorrow

The AI Revolution: Why Discernment is the Skill of Tomorrow Introduction In a world where artificial intelligence (AI) can write essays, design logos, compose music, and even debug code, the traditional markers of expertise are being redefined. Much like the rise of digital tools transformed industries in the past, AI

Harnessing AI for Shadow IT Discovery: A Technical Dive

Harnessing AI for Shadow IT Discovery: A Technical Dive Shadow IT—those unauthorized applications and services employees use outside the purview of IT departments—poses a significant challenge for organizations. It can lead to security vulnerabilities, compliance issues, and operational inefficiencies. Discovering and managing these hidden tools is no small

AI

Vibe Coding: A Security Minefield for Software Developers

Let’s dive straight into the gritty reality of “vibe coding”—the practice of letting AI write code for you. It’s tempting, right? Tools like GitHub Copilot or ChatGPT spit out code in seconds, saving you hours of typing. But here’s the catch: this convenience can be a

Model Context Protocol: Building Secure Data Connections for AI Applications

What is the Model Context Protocol (MCP)? The Model Context Protocol (MCP) is an open standard designed to create secure, bidirectional connections between data sources and AI applications. Instead of building custom integrations for each data source, MCP provides a standardized way for AI systems (clients) to access and interact

LLM Inference Sampling Methods

Sampling methods in large language models are essential for fine-tuning the balance between accuracy and diversity in generated responses. Here’s a deeper dive into various sampling techniques—temperature sampling, top-K, top-P (nucleus sampling), min-P, and beam search—along with guidance on when to apply each. 1. Temperature SamplingTemperature adjusts

Detecting AI-Generated Images Using Entropy Analysis

Professional researchers (and myself) have been exploring ways to distinguish AI-generated images from real ones every since they took over certain social media. In this blog post I present a way to detect AI-generated pixel images, by analyzing the randomness of each RGB channel using local entropy calculations. The Process

Mastering Risk Assessments: Leveraging CIA, STRIDE, and MITRE ATT&CK

In my years working in cybersecurity, I've learned that thorough risk assessments are key to protecting a company's assets. Over time, I've put together a process that combines the CIA triad, STRIDE methodology, and the MITRE ATT&CK framework to cover all our bases. I start by looking at

Context-Dependent Sentence Detection in LLM Caching Pipelines

Building an effective caching pipeline is extremely important to keep costs down and improve the user experience by lowering latency. However, we'll run into one pesky issue immediately: How do we determine which user prompts to cache, and which to ignore? For example: Say you have a user question "

Just-in-Time Coding: The Future of AI-Driven Software Development

As an AI enthusiast and software developer, I've been closely following the rapid advancements in artificial intelligence and its potential impact on the world of computing. One concept that particularly excites me is what I call "just-in-time coding" – a future where code is generated on-demand, based on the

Building a Binary Classifier in Keras for Splunk Logs

As a data scientist, I recently worked on a project where I needed to build a binary classifier to analyze Splunk logs. I decided to use Keras, a powerful and user-friendly deep learning library, to tackle this task. Here's how I went about creating a simple binary classifier in Keras

Top 10 OWASP Vulnerabilities and Python Scripts to Test Them

Injection: Injection vulnerabilities occur when untrusted data is sent to an interpreter as part of a command or query. To test for injection vulnerabilities using Python, you can use the requests library to send payloads and analyze the responses. Here's an example script to test for SQL injection: import requests

The Crucial Role of Identity Management in Ensuring Business Continuity

As a seasoned IT professional, I cannot stress enough the importance of a robust identity management program in maintaining business continuity. In today's digital landscape, where cyber threats loom large and data breaches can cripple organizations, implementing a comprehensive identity management solution is no longer a luxury but a necessity.

Leveraging the MITRE ATT&CK Framework for Effective Detection and Response

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework has become an essential tool for organizations looking to strengthen their cybersecurity posture. This comprehensive matrix provides a structured approach to understanding and defending against the various tactics, techniques, and procedures (TTPs) employed by adversaries. By mapping out

OWASP Risk Rating Methodology: A Guide to Web Security Assessment

Introduction Web security is a critical concern for organizations of all sizes. The Open Web Application Security Project (OWASP) provides a comprehensive framework for assessing and mitigating web application security risks. The OWASP Risk Rating Methodology is a key component of this framework, enabling security professionals to prioritize and address

Selecting and Creating Detection Rules with Syslog and Splunk

In today's cybersecurity landscape, effective detection rules are crucial for identifying and mitigating potential threats. Syslog, a standard protocol for logging system events, can be leveraged to create powerful detection rules. By ingesting these rules into Splunk, a leading security information and event management (SIEM) platform, organizations can enhance their

framework

Detection & Response - Introduction

What is Detection and Response?Detection and Response (not DR - Disaster Recovery) in cybersecurity refers to the basic processes and techniques used to detect and respond to cyber threats. Detection:Monitoring: Continuous monitoring of network and device activity to identify abnormal behavior.Log Management: Gathering and analyzing logs from

Detection & Response - Alert Deployment and Tuning

This post is about log monitoring basics, including log deployment and tuning.

Palo Alto XSOAR + GPT-3

In this post, I will be discussing how security automation can benefit from the advanced language understanding capabilities of GPT-3. By integrating GPT-3 into XSOAR, security teams can leverage the power of natural language processing to improve the efficiency and effectiveness of their incident response processes. I will be walking

Smarthome Auditing - Logging Kasa Devices to Splunk

Home automation is just the greatest thing ever, isn't it? Because who doesn't love the idea of being able to control their entire house with the swipe of a finger on a tiny screen? I mean, why bother actually getting up and flipping a light switch when you can just

Cybersecurity Program Basics

Starting to plan out a Cybersecurity program for your company can be a challenging task, but in many ways the steps to take have more benefits than just increased security. Introduction Cybersecurity programs are categorized into people, technology and process. People refer to the employees, contractors, and other individuals who

MITRE ATT&CK

What is the MITRE ATT&CK Framework and how did it come to be? SummaryThe MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is a comprehensive knowledge base of adversarial tactics and techniques based on real-world observations. It is designed to help organizations understand the tactics,

policy

The STRIDE Methodology

The STRIDE methodology aims to help with the question "how can our system be exploited and what security paradigms can we use to secure it?" It extends the commonly used CIA Triad (Confidentiality, Integrity and Availability).

Why Cybersecurity is important for small business

Small business and non-profits often overlook the dangers of cyber-attacks to their organization but small business is just as likely to be hacked as big business, and the fallout of a breach could be more damaging.