👀 Update From Security Break

Hello Friend! ✌️

I hope you are doing well. It has been a little over a month since BlackHat and Defcon. I wanted to write this update when I got back, but I could not find the time. So here we are.

If you have been following my updates from Vegas, you know it was hectic for me with a training, multiple talks, a podcast recording, and interviews. By the end of my 12 days in Vegas, I slept 11 hours on my flight back to Australia (and I was not in business class, so you can imagine how exhausted I was).

This newsletter will give you a glimpse of my trip with some content I have not published elsewhere. So buckle up!

Practical GenAI for Threat Intelligence Training

During BlackHat, I taught my training Practical GenAI for Threat Intelligence. It was a two-day course delivered twice, so four days in total. We received amazing feedback, and honestly, this was the best reward I could hope for after all the hard work. Some participants even said it was the best training of their career.

I am sharing some of the feedback here. If you are interested in learning more, you can visit this page or reply to this email. We also offer private sessions.

"The most gamechanging course I ever took at BlackHat."

"Thomas Roccia taught a mastful class packed with tons of practical information, howtos, and labs that left me inspired with what I can to do apply LLM agentic workflows in my day to day work and support my customers. "

"Incredible amount of code….thank you"

"Great organization and application of techniques using AI in creative and useful ways. My horizon on how to use LLMs beyond just asking questions in chatgpt has expanded greatly."

"The examples alone are worth the price of the course"

"The course “Practical GenAI for Threat Intelligence” exceeded my expectations. We had an excellent experience with the hands-on labs, and I’m returning with valuable knowledge and practical skills that I can apply to my work environment, along with the included source code."

"Overall was really great. Switching between the concise powerpoint slides into code really helped keep attention throughout the room. I feel like this training was engaging and a lot more interactive than my training last year."

Presenting NOVA the Prompt Pattern Matching

If you have been following my work, you know my focus for the past four years has been on AI and security, specifically on AI and Threat Intelligence. In a previous post, I shared my perspective on why I think prompts are a new kind of IOC. That is why I introduced the concept of Adversarial Prompts, or IoPC (Indicator of Prompt Compromise).

I also created NOVA, an open-source framework dedicated to prompt hunting using detection rules. I have been advocating a lot about this topic and presented NOVA at BlackHat Arsenal and the Blue Team Village. The feedback I received was truly amazing. I could feel this concept clicked for many, and others were already into it.

During this talk, I also introduced Proximity, my MCP security scanner powered by NOVA. You can learn more about NOVA and its ecosystem here: https://novahunting.ai

Presenting at Defcon

This was my second year in the row I presented on the Main Stage at defcon. This year I presented a research on Crypto money laundering and how we could leverage genai for tracking the money flow. This was a very interesting talk that sparked interest for many.

During the talk I presented about crypto money laundering mechanisms and tracking opportunity using the Bybit Hack as an example. At the end I presented a demo on an agent I created to track the money and help an analyst in the investigation.

You can access the presentation here.
The video demo is coming up 😉

In other updates

Throughout the week in Vegas, I was interviewed and recorded several podcasts. Some are not published yet, and a few were recorded right after I got home.

I am keeping track of them on my YouTube channel, where you can find the latest ones in the playlist. I am also pushing more content there, so subscribe if you want to support me. ❤️

My to-do list is longer than my arms, but here is what I am working on right now:

Releasing Proximity my MCP Security Scanner ASAP
Another project related to NOVA that will go live soon (I am sure most of you will love it) 😉
Updating the Unprotect Project with the latest contributions
Migrating part of my infrastructure

That is it! Thank you for reading this far, and I hope it brought you value. If you enjoyed this content, you can follow me on my social networks, and of course, you can reply to this email. Until next time!

Thomas

Follow Me on Social Network

💼 LinkedIn - 🐦 Twitter - 📺 YouTube - 📖 My Book