hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
#pentest

15 posts · 10 participants · 3 posts today

AI Security & Compliance - whew, that's a tough one, right? 🤯

No doubt, AI can seriously level up security efforts. But then there's that whole GRC (Governance, Risk, Compliance) headache... Sound familiar?

Picture this: Your client's hyped about deploying a new AI-powered firewall, but then Legal and Data Protection slam on the brakes. Classic scenario! It really is a tricky balancing act.

Honestly, AI isn't just an 'install and forget' kind of deal. You've *gotta* stay proactive and really bake security in right from the beginning – thinking 'security by design' is crucial. Otherwise, you get stuck in that frustrating loop: no budget means skimping on security, but weak security makes getting that budget approved way harder... 🤦

So, let's talk real challenges. What are *your* biggest pain points when dealing with AI security? Spill the beans below! 👇

Seriously, the Outlaw botnet? Still pulling off SSH brute-force attacks in 2024?! Wild how that's *still* getting results. It really just hammers home the point: the fundamentals are absolutely crucial!

You've gotta have solid password habits locked down. Things like key authentication, maybe changing the default SSH port, setting up Fail2ban... c'mon, it isn't exactly brain surgery, right?

But yeah, setting it up takes a bit of effort, doesn't it? And we all know time equals money...

Working as a pentester, I see it way too often – companies cutting corners precisely on these foundational steps. They'd rather splash out on flashy AI security tools, yet leave the digital front door practically wide open. Then, inevitably, everyone acts shocked when things go sideways.

So, I gotta ask: What "basic" security measures do you see getting consistently overlooked where you work? 🤔
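The post above lists the SSH basics (key-only authentication, no root password login, a non-default port, a brute-force limiter). The following is an added example, not the poster's code, showing what an audit of those basics looks like when run over an sshd_config: a weak configuration is checked beside a hardened one. The two config texts are constructed samples; the directive defaults follow the OpenSSH manual, and the KbdInteractiveAuthentication check is included because "PasswordAuthentication no" alone still lets PAM prompt for a password when keyboard-interactive authentication stays enabled.

```python
"""Audit an sshd_config for the basics: keys only, no root password login, non-default port,
few retries. Added example for illustration; sample configs below are constructed."""
import re

WEAK_CONFIG = """
# constructed sample: what a stock install often looks like
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

HARDENED_CONFIG = """
# constructed sample: the same file after the fixes the post lists
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
MaxAuthTries 3
"""

# Values sshd assumes when a directive is absent (per the sshd_config manual).
DEFAULTS = {
    "port": "22",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "maxauthtries": "6",
}
# Older OpenSSH releases spell KbdInteractiveAuthentication as ChallengeResponseAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def parse_sshd_config(text):
    """Return {directive: value} for the global section.

    sshd honours the first occurrence of a directive, so later duplicates are ignored.
    Match blocks are conditional overrides and are out of scope for this check."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        if re.match(r"^match\b", line, re.I):
            break
        m = re.match(r"^(\w+)\s*=?\s*(.*)$", line)    # "Key value" or "Key=value"
        if not m:
            continue
        key = ALIASES.get(m.group(1).lower(), m.group(1).lower())
        settings.setdefault(key, m.group(2).strip().lower())
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the basics are in place."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    findings = []
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no': password brute force possible")
    if cfg["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is not 'no': PAM can still ask for a password")
    if cfg["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication disabled: key auth unavailable")
    if cfg["permitrootlogin"] not in ("no", "prohibit-password"):
        findings.append("PermitRootLogin allows root with a password")
    if cfg["port"] == "22":
        findings.append("Port 22: default port (cuts scanner noise only, not a security control)")
    if not cfg["maxauthtries"].isdigit() or int(cfg["maxauthtries"]) > 4:
        findings.append("MaxAuthTries > 4: many guesses per connection")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_sshd_config(text) or ['no findings']}")
```

Run it against a real file with `audit_sshd_config(open("/etc/ssh/sshd_config").read())`; files pulled in via Include directives are not followed, so check those separately. Fail2ban sits outside sshd_config and is not covered here.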

Alright, let's get real about NIST. Yeah, it's important, no question. **But** banking solely on a certificate? That's definitely not the silver bullet for security!

Seriously, I've seen cloud environments myself that ticked all the NIST compliance boxes on paper, yet they were still wide open with security holes. 🙈 It happens!

So, what's the takeaway? You absolutely can't just blindly trust that "compliant" status. This is exactly why making regular pentests a standard part of your routine isn't just nice-to-have, it's essential. You've gotta actively look for those weaknesses.

What about you? What's your experience been with NIST frameworks and actually keeping cloud setups secure? I'm curious to hear your stories!

Automating pentesting with Python

Penetration testing is always limited in time. While black-hat hackers (or simply hackers) can spend weeks and months carrying out an APT attack, white-hat hackers cannot afford that luxury. There is a contract for the pentest, and that contract clearly specifies the deadlines. To make the pentest as effective as possible, various automation tools are used, but very often it turns out that your own scripts are the most convenient, because some customization is frequently needed, when you have to change the script's code a little, and of course it is better to change something you understand well.

habr.com/ru/companies/otus/art


Heard about WordPress "mu-plugins" being used as a sneaky entry point? Yikes! 😬

Think of 'mu-plugins' – those 'must-use plugins' WordPress *always* loads automatically. Super handy, right? Well, for attackers they are, because let's be real, who actually checks those regularly? 🙈

What's wild is that some malicious scripts hidden there even check if they're being scanned by a bot, just to stay under the radar. Talk about sneaky! It almost feels like a professional job... kinda reminds me of when we're pentesting for clients and trying to slip past their defenses. 😎

Usually, the culprits behind these breaches are the usual suspects: outdated plugins or themes, weak or stolen passwords, or maybe server misconfigurations. Seriously people, keeping everything updated is crucial! ☝️

Look, automated scans have their place, they're a decent first step. But honestly? A thorough pentest is often what *really* digs up these hidden nasties. So, spill the beans: Anyone else bumped into attacks leveraging mu-plugins or something similar? What tools are your go-to for sniffing them out? Let me know below! 👇
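As an added example (not the poster's code, and not a real malware sample), here is a small scanner for the directory the post is about, wp-content/mu-plugins: it scores each PHP file on a few indicators and gives extra weight to the specific tell the post mentions, a file that reads the User-Agent and compares it against crawler or scanner names before doing anything. The indicator list and weights are choices made for this example, the sample file contents are constructed, and the threshold is arbitrary; a real sweep would also diff the directory against a known-good copy.

```python
"""Score PHP files under wp-content/mu-plugins for common webshell/backdoor tells.
Added example; indicators, weights and sample files are constructed for illustration."""
import re
from pathlib import Path

# Constructed sample contents, keyed by file name (not real malware).
SAMPLE_MU_PLUGINS = {
    "site-helper.php": """<?php
/* Plugin Name: Site Helper */
add_action('init', function () { /* legitimate but boring */ });
""",
    "settings-tab.php": """<?php
$tab = sanitize_key($_GET['tab'] ?? 'general');   // ordinary input handling
""",
    "cache.php": """<?php
$ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
if (preg_match('/googlebot|bingbot|wpscan/i', $ua)) { return; }  // hide from crawlers and scanners
eval(base64_decode('ZWNobyAiaGkiOw=='));
""",
}

# (pattern, weight, description). Heuristics for this example, not a product's ruleset.
INDICATORS = [
    (re.compile(r"\beval\s*\("), 3, "eval() of runtime-built code"),
    (re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("), 2, "decoding/obfuscation call"),
    (re.compile(r"\b(system|shell_exec|passthru|exec|popen)\s*\("), 3, "shell command execution"),
    (re.compile(r"HTTP_USER_AGENT"), 1, "reads the User-Agent"),
    (re.compile(r"googlebot|bingbot|crawler|spider|wpscan|nikto", re.I), 2, "names crawlers/scanners"),
    (re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b"), 1, "takes attacker-controllable input"),
]
CLOAK_BONUS = 3   # UA check combined with crawler names: the file is deciding whether it is being scanned


def scan_mu_plugin(source):
    """Return (score, reasons) for one file's source text."""
    hits = [(weight, desc) for rx, weight, desc in INDICATORS if rx.search(source)]
    score = sum(weight for weight, _ in hits)
    reasons = [desc for _, desc in hits]
    if "reads the User-Agent" in reasons and "names crawlers/scanners" in reasons:
        score += CLOAK_BONUS
        reasons.append("cloaks from scanners (UA check + crawler names)")
    return score, reasons


def flag_mu_plugins(files, threshold=5):
    """files: {name: source}. Return [(name, score, reasons)] at or above threshold, worst first."""
    scored = [(name, *scan_mu_plugin(src)) for name, src in files.items()]
    flagged = [entry for entry in scored if entry[1] >= threshold]
    return sorted(flagged, key=lambda entry: entry[1], reverse=True)


def load_mu_plugins(directory):
    """Read every .php file below a real mu-plugins directory into the {name: source} shape."""
    root = Path(directory)
    return {str(p.relative_to(root)): p.read_text(errors="replace") for p in root.rglob("*.php")}


if __name__ == "__main__":
    for name, score, reasons in flag_mu_plugins(SAMPLE_MU_PLUGINS):
        print(f"{name}: score {score}: {', '.join(reasons)}")
```

Point it at a live site with `flag_mu_plugins(load_mu_plugins("/var/www/html/wp-content/mu-plugins"))`. Expect some noise from legitimate plugins that read request input; the eval/decode and cloaking indicators are the ones worth a manual look.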

Alright, security pros! 🤓 Just stumbled upon another article about pentesting, and it really hit home. 💯 You know how clients sometimes assume that just having security certificates and a firewall means they're totally secure?

Well, let's be real, that's often far from the truth. 🤷‍♂️

Here's the deal: Real penetration testing is *way* more than just running an automated scan. It actually demands brainpower, a dose of creativity, and the knack for thinking way outside the box. 🧠 You've gotta get creative!

And yeah, proper security isn't free. But isn't it way better to invest upfront than deal with a potentially massive (and costly) mess later on? 🩸 Makes sense, right?

So, what have you seen out there? What are the so-called "quick fixes" in security that drive you absolutely nuts? Let me know below! 👇

Seriously, EncryptHub isn't messing around! 🤯 They've jumped *right* on that Windows bug (CVE-2025-26633) that literally *just* got fixed. Talk about moving fast...

So, the exploit? It involves the Microsoft Management Console (MMC), those MSC files, and something called MUIPath. Sounds pretty techy, right? But basically, it's a clever workaround. EncryptHub crafts two MSC files – same name, one legit, one malicious. Windows doesn't double-check properly and ends up loading the nasty one. Boom! 💥

You see, as a pentester, I constantly witness attackers twisting legitimate system functions just like this. Your automated scanners? Yeah, they'll likely miss it completely. This kind of thing really needs hands-on analysis to catch. And yeah, updates are crucial, folks! Make sure you get CVE-2025-26633 patched ASAP. Oh, and those random MSI installers from sources you don't know? Big nope. Steer clear! ☝️

Have you run into attacks like this before? Or maybe you've got some other sneaky Windows tricks up your sleeve? Drop 'em in the comments!

CoffeeLoader? Sounds like some fancy new brew, right? ☕️ Nope, it's actually some pretty vicious malware. 💀

Seriously, the creativity from attackers lately is something else... using the GPU for obfuscation? That's wild! 🤯

Alright, putting my pentester hat on for a sec: Look, automated scans definitely have their place. *But* when you're dealing with tricky stuff like this? You absolutely need a real person digging in, taking it apart piece by piece. It's kinda like making coffee, you know? A machine gets the job done, but a great barista? They craft it with care and uncover all those subtle flavors. 😉 Same principle applies here.

So, keep a sharp eye out for any sketchy processes or DLLs hanging around. And seriously people: Patch your systems! Don't sleep on updates! ☝️

Speaking of which, what are your favorite tools for hunting down this kind of advanced threat? Let me know below! 🤔

Alright folks, just a quick heads-up from your friendly neighborhood pentester: Office docs? Yeah, they're *still* a massive playground for attackers. 🤯

Sure, keeping things updated is vital, *but* let's be real: social engineering still wears the crown. Honestly, the least suspecting user often ends up being the biggest security gap in the network.

Just saw this play out at a client's site recently. An employee clicked open a seemingly innocent Word doc... hiding a nasty phishing link. And *poof*, their credentials were gone. 🙈 Can happen just like that.

Now, AI *can* lend a hand here, but tread carefully. The tech's evolving way faster than most people can adapt. That makes disinformation and manipulation seriously huge threats we need to watch out for.

So, what's the game plan? Awareness training – it's absolutely worth its weight in gold! Plus, fostering a healthy dose of skepticism is key, even when it feels like a drag sometimes. You gotta stay sharp.

How are *you* shielding your users from these kinds of attacks? Let me know! 🤔

Learn how to pentest your own network in our new step-by-step guide from Senior Cybersecurity Consultant Bryan Bijonowski Jr. Bryan explains why penetration testing is crucial for identifying weaknesses before attackers do, then guides IT professionals through the process of pentesting their own networks to strengthen their organization's defenses and significantly reduce cybersecurity risks!

Check it out: lmgsecurity.com/how-to-pentest

LMG Security: How to Pentest Your Own Network: A 7-Step Guide For IT Pros

PowerChell is a very cool tool by @itm4n to bypass PowerShell security measures like AMSI, Script Block & Module Logging using ETW, Transcription, Execution Policy and Constrained Language Mode! Nothing fancy and new, but everything in a single unmanaged binary!

- Blog: blog.scrt.ch/2025/02/18/reinve
- GitHub: github.com/scrt/PowerChell

This made my job much easier in my latest pentest. So, THX!

blog.scrt.ch: Reinventing PowerShell in C/C++ – SCRT Team Blog