If you’re working on a research or side project, this is your platform to share your findings, roadblocks, breakthroughs, and more. Doesn’t matter if it’s still a work in progress or has been recently published - all stages of research are welcome.

Maybe you’re not actively researching, but you’re closely following an interesting development in the industry or a certain researcher’s work - feel free to share that here too!

Or perhaps, you’ve got an idea for a project or research you wish to undertake, but need resources, collaborators, or simply some guidance - let the community know.

Here’s a simple guideline to kickstart the conversation:

  • What’s the research about? (Give a brief overview of the project or topic)
  • Current progress/Findings (If applicable)
  • Challenges and roadblocks (What issues are you facing or expect to face?)
  • Help needed (Are you looking for collaborators, resources, advice, etc.?)
  • execveat@infosec.pub (OP) · 1 year ago

    I played around with WebSockets and wrote a new tool: https://github.com/doyensec/wsrepl

    It’s an interactive REPL interface like websocat, but it’s meant specifically for pentesting, not debugging, and it’s easily extensible in Python (while still retaining the REPL interface). In future releases I’d like to expand the extensibility by adding declarative-style configuration (the ultimate feature would be something like what Burp’s Autorize plugin does, but for WebSockets).

  • matt@infosec.pub · 1 year ago

    I recently had ChatGPT put together a “lesson plan” of sorts for the next six months of one thing to work on each week to get familiar with different skillsets and see what I really like. I basically gave it a list of skills that I currently have, topics that I want to learn more about, and certifications that I find interesting/applicable, then had it come up with a project that could be completed in a weekend and a book for further reading.

    Right now I’m working on my CKS for work, but here are a few things that I’m really looking forward to once I start knocking the weeks off on here:

    • Container Runtime internals: Dive deeper into the internals of container runtimes, understand container lifecycle management, and experiment with advanced runtime configurations.
    • Ghidra and Container Security: Analyze a container runtime component using Ghidra to identify potential vulnerabilities or weaknesses and propose mitigation strategies.
    • Adversarial Examples: Implement a simple adversarial attack on a pre-trained machine learning model using a library like Foolbox or CleverHans.
    • execveat@infosec.pub (OP) · 1 year ago

      Fascinating idea to use an LLM for inspiration in researching new topics. Did it match your interests right away or did you need to wrangle with it?

      • matt@infosec.pub · 1 year ago

        I had to give it a couple of tries – originally I used Bard but wound up hitting paydirt with ChatGPT; it seems to be a little bit better at understanding me at least? In terms of the topics, it really hit it out of the park, but I still haven’t checked every book; curious how many of them actually exist lol

  • himazawa@infosec.pub · 1 year ago

    I would like to go deeper on malware development and move to mobile devices. I would also like to study a new language like Nim or Zig. But the fact that Nim has tab-driven codeblocks and Zig is not memory safe doesn’t convince me much.