I wrote a blog post about enumerating and testing tool usage in web applications that use LLMs:
www.invicti.com/blog/securit...

Here are the slides from my @tumpicon.org talk: Teaching LLMs how to XSS - An introduction to fine-tuning and reinforcement learning (using your own GPU)
docs.google.com/presentation...

The article: www.invicti.com/blog/securit...

I wrote an article about how it's possible to use Assistant Prefill to jailbreak LLMs (Large Language Models).

Here is an example of the latest model from Microsoft (Phi-4) writing a phishing email:

My favorite talk from #38c3: From Pegasus to Predator - The evolution of Commercial Spyware on iOS - media.ccc.de/v/38c3-from-...

Great paper from Orange Tsai about unicode transformations: worst.fit/assets/EU-24...

OpenAI o3 model just achieved unbelievable scores (75% and 87%) on ARC-AGI, the previous models made maximum 20% and humans make around 85%. arcprize.org/blog/oai-o3-...

Must read if you are interested in test-time compute: huggingface.co/spaces/Huggi...

Great read: semianalysis.com/2024/12/11/s...

If you're interested in the technical details, I wrote the blog post here: flatt.tech/research/pos...

For the further details, please check out the announcement from the OpenWrt team: lists.openwrt.org/pipermail/op... (2/2)

Here is a great follow up blog post to my blog Remote Code Execution with Spring properties written by Elliot Ward: snyk.io/articles/rem...

Pro tip for if you have XSS but you can only use upper case:

aem1k.com/transliterat...

transliterate.js by @aemkei.bsky.social works great!

Starter packs

FYI, here's the entire code to create a dataset of every single bsky message in real time:

```
from atproto import *
def f(m): print(m.header, parse_subscribe_repos_message())
FirehoseSubscribeReposClient().start(f)
```

As most people know, it's trivial to save all the bsky posts.

A librarian that previously worked at the British Library created a relatively small dataset of bsky posts, hundreds of times smaller than previous researchers, to help folks create toxicity filters and stuff.

So people bullied him & posted death threats.

He took it down.

Nice one, folks.

qwq is a new openly licensed LLM from Alibaba Cloud's Qwen team. It's an attempt at the OpenAI o1 "reasoning" trick that runs on my Mac (20GB download) via Ollama... and it's pretty good!

My detailed notes here: simonwillison.net/2024/Nov/27/... - here's its attempt an SVG pelican riding a bicycle.

Interesting, I've been playing with URLTeam as well but for other purposes, there is definitely a lot of noise. That's basically my main problem, how to filter out the noise. I did not found a solution until now.

Made a NotebookLM podcast about this, from a few .ro articles, if people are interested: notebooklm.google.com/notebook/742...

I'm from Romania, TikTok is hugely popular here, we have over 8.9 million TikTok user (from 19 million total population). Many influencers were paid to promote TikTok tags (like #echilibrușiverticalitate - this one received 2.4 million views) that were later used to promote Calin Georgescu.

CommonCrawl is this: commoncrawl.org - they have 17 of crawled data is one of the sources LLMs use for training. I think it's a great source for building links between links.

Build a huge database for that and use it to suggest new links based on links you already discovered. I think that has big potential. In the beggining I was thinking to finetune an LLM but I think a DB should be enough.

Thanks, that means a lot to me. About statistical data: i had a similar idea for a long time.I was thinking to read all the URLs from all the crawls available in CommonCrawl and then build a database with relations between links. If /wp-login.php is found you might try /wp-register.php, xmlrpc.php