social.coop is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Fediverse instance for people interested in cooperative and collective projects. If you are interested in joining our community, please apply at https://join.social.coop/registration-form.html.


#penetrationtesting


Why Compliance Alone Won't Shield You from Cyberattacks: A Call for Proactive Security Measures

Recent data breaches at major companies reveal a critical truth: compliance with security frameworks is not synonymous with security itself. As attackers exploit overlooked vulnerabilities, organizati...

news.lavx.hu/article/why-compl

For those pentesters earlier on their career track like me, I wrote up a few steps on DACL abuse in AD with PowerView.

I've run across a few DACL fumbles using Bloodhound Community Edition of late, and always used net.exe for much glorys.

Bloodhound is adamant on PowerView for opsec however and the instructions weren't too clear (not Bloodhound's fault).

Hope this can clear things up a tad and be a help to others' studies.

christopherbauer.org/2024/12/1

Imaginative Realities · Quick Pointer: Abusing DACL Fumbles using PowerView

EDIT: My question has been answered, through judicious application of interrogation techniques in a separate call with the client. Thank you, everyone!

---

I have a really stupid question. One that hasn't been relevant since the 1990's, but here we are.

Does anybody know if there is a breakdown of #OpenSource #licenses that either explicitly do, or explicitly do not permit them to be in scope of #PenetrationTesting?

I can't go into details about who or why, but it's come up at work and the legal team is now sitting with their heads on their desks weeping openly.

Please boost. A helpful paper might come out of this that will help a lot of people.

Continuing the tour of my @github projects, the #TacticalExploitation toolkit deserves to be mentioned. It's now a bit old, but I believe the concept still applies, and very much so.

github.com/0xdea/tactical-expl

"The Other Way to Pen-Test" -- @hdm & @Valsmith

I've always been a big proponent of a tactical approach to #PenetrationTesting that doesn't focus on exploiting known software #vulnerabilities, but relies on #OldSchool techniques such as #InformationGathering and #BruteForce. While being able to appreciate the occasional usefulness of a well-timed 0day, as a veteran penetration tester I favor an exploit-less approach. Tactical exploitation provides a smoother and more reliable way of compromising targets by leveraging process vulnerabilities, while minimizing attack detection and other undesired side effects.

For a few years now, I've meant to give a talk on this very subject, with the working title of "Empty Phist Style - Hacking Without Tooling" (inspired by @thegrugq). Sooner or later it will happen.

GitHub - 0xdea/tactical-exploitation: Modern tactical exploitation toolkit.