Author: Luki

Categories
AI

Prompt Engineering Techniques

A comprehensive reference of prompt engineering methods, strategies, and best practices for working with Large Language Models (LLMs).

Table of Contents

  1. Fundamentals of Prompting
  2. Politeness & Tone in Prompts
  3. Emotional Prompting
  4. Chain of Thought (CoT) Prompting
  5. Analysis to Filtration (ATF) Prompting
  6. Mission Prompting
  7. XML Tags for Structure
  8. Prompt Compression (LLMLingua)
  9. Context Window Management
  10. Randomized Output Techniques
  11. Structured Output / JSON Prompting
  12. Codebase Context Prompting
  13. Security & Safety Considerations
  14. Humanizer Prompting
  15. Persona Prompting — When It Helps vs. Hurts
  16. TOON — Token-Efficient Data Format for LLM Prompts
Continue reading “Prompt Engineering Techniques”
Categories
AI

The “Expert Prompt” Myth

The "Expert Prompt" Myth as seen by Dall-E

Why Telling AI It’s a Genius Might Be Making It Dumber

You’ve probably seen it everywhere — prompting guides that open with “You are an expert full-stack developer…” or “You are a world-class data scientist…” It feels intuitive. You want expert output, so you ask for an expert.

New research suggests this might be working against you.

Continue reading “The “Expert Prompt” Myth”
Categories
Security

NoName057(16) DDoS January 2026

Before the World Economic Forum 2026 kicks off in Davos, the global spotlight is once again turning to Switzerland. This not only for high‑level political and economic talks, but also for its exposure to cyber risks. In the past two years, pro‑Russian hacktivist groups like NoName057(16) have repeatedly used the WEF as a stage for DDoS campaigns against Swiss institutions, seeking attention rather than data theft, and there is every reason to assume that similar activities will attempt to ride on the media wave of WEF 2026.

Continue reading “NoName057(16) DDoS January 2026”
Categories
Web

Crawler: Seekport Bot

https://bot.seekport.com/ (2025-08-05)

In my access logs, I found excessive requests from IP address 65.108.99.119. During a regular review, I also found this IP is listed on AbuseIPDB, which indicated it has a lower reputation or may even be malicious.

https://www.abuseipdb.com/check/65.108.99.119 (2025-08-05)

The reverse PTR was also not very valuable.

crawl1-135.oi.tb.007ac9.net.
Continue reading “Crawler: Seekport Bot”
Categories
Web

What is Mozilla/5.0 Optimizer

https://www.sistrix.com/ (2025-08-05)

During a review of access logs, I recently came across this user agent string. It was by far the highest in request count. As it turns out, this is a SEO tool called Sistrix.

Mozilla/5.0 (compatible; Optimizer)

The reverse PTR for real asterisk calls should always be:

*.crawler.sistrix.net

More

Categories
Azure

Front Door Security: The RemoteAddr Trap

If you are using Azure Front Door, the need for a WAF policy that rate limits or blocks access to certain IP addresses might arise. Using the correct parameters in the WAF policy is crucial to implement an effective block that cannot be bypassed.

When selecting the property RemoteAddr in your WAF rules, a custom X-Forwarded-for header can be used to “hide” the real IP address or even to masquerade as a different IP address and therefore pass through an IP restriction.

Continue reading “Front Door Security: The RemoteAddr Trap”
Categories
Security

NoName057(16) returns after Police raid

Between July 14-17, police and cybersecurity agencies from multiple countries worked together to go after NoName057(16), a pro-Russian cybercrime network. The operation, called “Eastwood,” was coordinated by Europol and Eurojust. Authorities from 12 countries took action at the same time, targeting both the group’s members and their computer infrastructure. The main participating countries included the US, Germany, France, Italy, and several others across Europe. Eight additional countries provided support for the investigation, including Ukraine, Canada, and some Baltic nations. Two private cybersecurity organizations, ShadowServer and abuse.ch, also helped with the technical aspects.
The joint action represents the kind of international cooperation that’s become more common when dealing with cybercrime groups, particularly those with political ties. Law enforcement agencies have been increasingly working across borders to tackle these networks that operate internationally.

Now the big question is, was this the end of NoName057(16)?

It was visible that on witha.name, after July 18th, 2025, at 01:05, there was a lengthy and unusual gap in the updates of the configurations. As a result, the group’s operations were noticeably disrupted.

Continue reading “NoName057(16) returns after Police raid”
Categories
AI

Stumbled on Prompt LLM Builder

https://ai-27.com/prompt (2025-06-24)

I stumbled across this prompt refinement tool. I do not have much experience with it, but it looks interesting to help with building prompts.

Categories
Azure

Fix Invoke-Sqlcmd FileNotFound Error

A recent change in the SqlServer PowerShell module has given me a headache this week. I’m running the module with Azure DevOps in a pipeline that is triggering an Azure deployment script within a network-integrated container instance.

System.IO.FileNotFoundException: Could not load file or assembly

The problem this error.

Continue reading “Fix Invoke-Sqlcmd FileNotFound Error”
Categories
Sitecore

Hardcoded credentials in Sitecore XP

sitecoreServicesAPI user has default password 'b'

A blog post was today published outlining the risk (CVE-2025-34509) of Sitecore having a default user Sitecore\ServicesAPI and a password of b. The user usually has no default roles, however, it is already one step inside the system.

Probably setting a secure and strong password could be sufficient. I didn’t yet see an official statement from Sitecore yet.
Read all details of the disclosure here: Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform

Vulnerable databases are found in 10.1, 10.2, 10.3, and 10.4. 9.3 and 10.0 did not yet have this password for the user as per the setup script analysis. labs.watchtower.com

More

Related