Ci Splunk PRO

Csplk


Csplk's activity

posted an update 6 days ago
I made a Multi-agent Software Team Gradio space using transformers agents based on the multiagent_web_assistant cookbook by @m-ric

Csplk/SoftwareTeam
replied to m-ric's post 7 days ago

They're just afraid to show how it works cos they know they can't keep up with the open source train

posted an update 28 days ago
# Offensive Security Reconnaissance Continued with Public Facing Industrial Control System HMIs using Moondream

Building on my previous experiments with Moondream for physical security reconnaissance planning automation (https://huggingface.co/posts/Csplk/926337297827024), I've now turned my attention to exploring the potential of this powerful image-text-text model for offensive security reconnaissance in the realm of Industrial Control Systems (ICS).
ICS HMIs (Human-Machine Interfaces) are increasingly exposed to the public internet, often without adequate security measures in place. This presents a tantalizing opportunity for malicious actors to exploit vulnerabilities and gain unauthorized access to critical infrastructure.

Using Moondream with batch processing (Csplk/moondream2-batch-processing), I've been experimenting with analyzing public facing ICS (Csplk/ICS_UIs) HMI (Csplk/HMI) screenshots from Shodan to identify types of exposed ICS system HMIs, how they are operated and how malicious actors with access to these systems could cause damage to physical infrastructure. Feeding images of HMIs and pre-defined text prompts to Moondream batch processing successfully (unconfirmed accuracy levels) extracted information about the underlying systems, including:

1. **System type**
2. **Possible Operation Details**
3. **Malicious Actor Outcomes**

Next steps:
* I have a longer and more in depth blog write up in the works that will cover the previous and this post's approaches for experiments for sharing via HF community blog posts soon.
* I plan to continue refining my Moondream-based tool to improve its accuracy and effectiveness in processing public facing ICS HMIs.
* As mentioned before, offensive security with moondream focused HF Space once it's fleshed out.

Thanks again to @vikhyatk for the incredible Moondream model. vikhyatk/moondream2
replied to singhsidhukuldeep's post about 1 month ago

Does it only do React apps?
Such overhead in how bloated React is compared to vanilla CSS, JS and semantic HTML for output tokens.

replied to merve's post about 1 month ago

The M4 team has been and continues to be a beast of a team. Good work humans of huggingfaceM4 team

posted an update 2 months ago
# Offensive Physical Security Reconnaissance Planning Automation with public facing RTSP streams and Moondream


After some late night casual hacking about on VLMs for criminal attack vector reconnaissance automation experiments using Moondream (as usual) based image-text-text with predefined text prompts that are tuned for extracting weakness or customer identity and monetary based theft physical red team engagement reconnaissance and vector of malicious or criminal activity. Working on a space. Thanks again for such a wonderful blessing of super power image-text-to-text model with minimal computational power needed @vikhyatk

I have started actually implementing a custom little tool with both static HTML spaces and Python Gradio spaces on the go which I shall share as HF spaces when done with them.

---

vikhyatk/moondream2

replied to vikhyatk's post 7 months ago
replied to vladbogo's post 7 months ago

Closed source models are increasingly going to take longer and longer to make do something considered "bad", so they will fall farther and farther behind if people try to use them for defence against the gradually rising use of open source uncensored models in attacks, until most blue teams also move to decentralized open source models to build better defensive tool chains.

Generally speaking this paper is great from the perspective of approaches to further offensive web security automation capabilities with ML, but they focus on incorrect things like trying to suggest organizations try even harder to stifle the censorship of their platform to be safe rather than teach people how to use ML / LLMs to mitigate risk of rogue bad sequences of langchains like they do with chemistry and genetics.