#PenTest

Chema Alonso chemaalonso@ioc.exchange
2026-02-09

El lado del mal - LLM-Guardian: Multi-Agent LLM Defense System with Intelligent Adversarial Red Team elladodelmal.com/2026/02/llm-g #LLM #Guardrails #Pentest #Pentesting #IA #AI #Jailbreak #PromptInjection #Unalignment #Hardening

2026-02-08

VulNyx Hosting Writeup

A Step-by-Step Guide to Exploiting SMB and WinRM Services on the VulNyx Hosting Machine:
medium.com/@thecybercraft/vuln

#pentest #cybersecurity #infosec #winrm #vulnyx #smb #writeup

2026-02-08

Ever think about penetration testers? People who test the physical security of sites for companies? Now, have you ever wondered what happens if they accidentally penetrate test the wrong site?
This guy did that.
darknetdiaries.com/episode/6/
The Beirut bank job
#penTest #hacking #podcast

2026-02-07

A PowerShell tool to enumerate all SharePoint sites/drives that a user can access via Microsoft Graph, recursively download files, and log every Graph/SharePoint HTTP request for SIEM correlation

github.com/zh54321/SharePointD

#infosec #cybersecurity #redteam #pentest #cloud

2026-02-05

Is pentesting dead? Here we are in 2026: in the era of LLMs and near-AGI #pentest #security #threats y0no.fr/posts/le-pentest-est-i #informatique (via Yoann Ono / Biot)

2026-02-05

I sat through way too many #pentest interviews where the candidates had no clue about the fundamentals of web security, like the Same-Origin Policy.

If you want to make a career of finding flaws in (web)apps, do yourself a favor and read @b0rk's HTTP zine:

https://wizardzines.com/comics/same-origin-policy/

2026-02-04

VulNyx Misconfigured Writeup

A Step-by-Step Walkthrough of Enumerating AD Services and Gaining Administrator Access on the Misconfigured Machine
thecybercraft.medium.com/vulny

#writeup #ctf #infosec #cybersecurity #pentest #vm

Who Let The Dogs Out 🐾 ashed@mastodon.ml
2026-02-02

Scanner for detecting vulnerabilities (NTLM relay)

#infosec #software #git #ad #pentest #relay

github.com/depthsecurity/Relay

* Scans over SMB, LDAP/S, MSSQL, HTTP/S, RPC, WinRM;
* Finds WebDAV WebClient, CVE-2025-33073 (NTLM reflection), NTLMv1 + PrinterBug, PetitPotam, etc.;
* Supports auditing an entire domain;
* Builds a list of targets for `ntlmrelayx` and other software;
* Saves the report as plaintext/JSON/CSV/Markdown.

Blog article: depthsecurity.com/blog/introdu

2026-02-01

What if 2026 marked the death of pentesting? That would bother me, because it's my job...

Since the start of the year, I have been looking into its future. Between AI tools that promise automated pentests, concern for the juniors entering the market, and tools that will potentially make my life easier, I have put my thoughts into an article.

Spoiler: pentesting is not dead. But it is going to change.

y0no.fr/posts/le-pentest-est-i

#infosec #pentest #llm

2026-02-01

🔎 A backend engineer wants to practice application security analysis (web/mobile) for free! 🎯 Needs 2-3 projects with a test environment, not production. Black-box approach preferred, with a detailed risk report provided and all data deleted afterwards. DM if interested! #cybersecurity #pentest #securitytesting #bảo_mật #kiểm_thử #ứng_dụng

reddit.com/r/SaaS/comments/1qt

2026-01-31

How I built my own scanner and got to bug bounty payouts

Hello, Habr! Today I want to share the story of how the desire to automate routine work led me to create my own tool, FullMute, and, as a result, to my first serious payouts on bug bounty platforms. Like many beginner researchers, I started with chaotic manual vulnerability hunting: I checked headers, looked for known admin panel paths, and tried to guess CMS versions. It was inefficient, slow, and heavily dependent on luck. I needed a "compass" that would do the initial reconnaissance for me and give me clear targets to attack. That is how the idea for FullMute was born.

habr.com/ru/articles/991392/

#pentest #scanner #python #bugbounty

2026-01-31

📢 Coalfire case: $600,000 for two pentesters wrongly arrested in Iowa
📝 According to Ars Technica (Dan Goodin), Dallas County (Iowa) agreed, five days before the opening of a trial, to pay...
📖 cyberveille: cyberveille.ch/posts/2026-01-3
🌐 source: arstechnica.com/security/2026/
#Iowa #pentest #Cyberveille

Stefano Marinelli stefano@bsd.cafe
2026-01-30

RE: mastodon.bsd.cafe/@stefano/115

Luckily, many of my clients are intelligent and well-prepared people. Needless to say, that email, before making me laugh, had already made the client laugh. He immediately thought he was dealing with people who were great at marketing but had little technical skill.
I presented my theory on software engineering, but he immediately tore it apart, declaring himself extremely skeptical. In his opinion, it is more likely to be a technique to lower our defenses and then try to sell us "security products" after a "pentest full of flaws". Or simply sheer incompetence.

Anyway, their connection hasn't any open ports. So they can pentest anything they want to, as long as they want to.

#IT #SysAdmin #HorrorStories #PenTest

2026-01-30

GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft SharePoint List and exfiltrate files using Google Drive or Microsoft SharePoint Document.

github.com/looCiprian/GC2-sheet

#infosec #cybersecurity #redteam #pentest #threatintel #dfir

Cliff Barbier cliffb_infosec
2026-01-29

The Coalfire Labs physical ordeal is finally over.

Over 6 years after being falsely arrested, maliciously prosecuted, and publicly defamed by a Sheriff who wanted to get into a political power struggle with the state judicial branch, there is a civil settlement.

arstechnica.com/security/2026/

Assured Security Consultants assured@infosec.exchange
2026-01-29

Celebrating 100 security assessments, over 1000 findings, and over 2000 pages of pentest reports in 2025!
assured.se/posts/100-security-
#pentest #cybersecurity

2026-01-29

This project maintains a list of binaries natively available in Proxmox VE that can be leveraged by adversaries during red team operations

lolprox.yxz.red

#infosec #cybersecurity #redteam #pentest
