An introduction to automated LLM red teaming

Introduction As large language models become increasingly embedded in production applications, from customer service chatbots to code assistants and document analysis tools, the security implications of these systems have moved from theoretical concern to practical necessity. Unlike traditional software security testing, LLM red teaming addresses unique challenges: prompt injection attacks, data leakage through carefully crafted … Continue reading An introduction to automated LLM red teaming →

Vulnerability Management – Process Perspective

Introduction Part 2b In this post, we dive deeper into the HOW of vulnerability management. This post is dedicated to the processes to provide a comprehensive overview. 1. Processes Figure 1: Levels [86] In this chapter, we will have a look at the processes of vulnerability management. The Center for Internet Security defines separate controls … Continue reading Vulnerability Management – Process Perspective →

Refinery raid

IntroductionPurpose of the blogpostWhat is Labshock?What Will We Do?Setting Up the Virtual Oil PlantCreate Your EnvironmentInstall LabshockDockerDownload & build LabshockStarting LabshockConducting the HackStep 1: ReconnaissanceStep 2: Explore the PLC & SCADAStep 3: Find the correct IPStep 4: Interact with Modbus (Read Data)ModbusCoils & RegistersPump 1 & 2Step 5: Hack the Pumps (Write Data)Hack the pump … Continue reading Refinery raid →

Crisis Management – Beacon in the Storm

This entry is part 4 in the series of improving your Ransomware readiness Continuing our series of blog posts on Ransomware and Incident Response (Part1, Part2, Part3) and following up on the recent discussion about top management preparation (ManagementPreparation), its time to consider having an effective Crisis Management process in place. At NVISO we like … Continue reading Crisis Management – Beacon in the Storm →

Attack and Defense in OT: Enhancing Cyber Resilience in Industrial Systems with Red Team Operations

In today's rapidly evolving industrial landscape, securing Operational Technology (OT) is more critical than ever due to increased connectivity and sophisticated cyber threats. Throughout this blog post series, we will dive into the world of Operational Technology Security. This edition of the series focuses on how Red Team assessments can assist companies in identifying and … Continue reading Attack and Defense in OT: Enhancing Cyber Resilience in Industrial Systems with Red Team Operations →

Your Playbook to a better Incident Response Plan

You just had your first encounter with the "Headless Chicken Effect" during a security incident, like we mentioned in our last blog post. Maybe you like to be prepared against any possible scenario because you know that it's not a matter of 'if', but rather a matter of 'when'? In this second blogpost in our "Ransomware Readiness" series, we'll look into how you can better prepare yourself to face such incidents in the future, whether it's through planning, documentation, or testing.