Ever wonder how hackers really get in?

We sat down with LMG Security’s Penetration Testing Manager, @tompohl, to get penetration tester secrets from the front lines. From overlooked credentials to forgotten assets, these are the weak spots attackers love—and how to fix them.

We'll cover:

• The top entry points that attackers exploit
• Real-life examples from professional penetration testers
• Actionable tips to eliminate common network vulnerabilities

Don’t miss this behind-the-scenes breakdown: https://www.lmgsecurity.com/penetration-tester-secrets-how-hackers-really-get-in/

#PenetrationTester #Cybersecurity #NetworkSecurity #EthicalHacking #CISO #DFIR #Infosec #RedTeam #Pentesting

@GossiTheDog I use most of these on the daily at work why would try to make my day so hard with this #security nonsense... oh wait, I'm an #ethicalhacker / #penetrationtester. 😬

There are quite a few LLM pen testing tools out there, breaking the boundaries of what models are supposed to do by employing prompt injection and jail breaking techniques.
With Microsoft releasing #PyRIT and getting a lot of visibility for it, we wanted to highlight some of the other tools for the community:

- garak
https://github.com/leondz/garak

- HouYi
https://github.com/LLMSecurity/HouYi

- JailbreakingLLMs
https://github.com/patrickrchao/JailbreakingLLMs

- llm-attacks
https://github.com/llm-attacks/llm-attacks

- PromptInject
https://github.com/agencyenterprise/PromptInject

- LLM-Canary
https://github.com/LLM-Canary/LLM-Canary

- And now, of course, PyRIT
https://github.com/Azure/PyRIT

With thanks to Idan Gelbourt and Simo Jaanus for the research!

More AI security related posts and research will be published in the future from Knostic even while we’re still in stealth. Follow us to stay in the loop.

#ai #machinelearning #penetrationtesting #penetrationtester #redteam #promptinjection #artificialintelligence #informationsecurity #riskmanagement

Simple Useful Method for #Pentesters and Security Researchers to learn new things
One simple way [#trick] to learn new things is create Document for each thing you learn [step-by-step] with details and pictures with your “native language” etc. this will help you to rethink/rewrite those things which you want to learn, believe me this will help you a lot and sometimes you need to go back to these #documents to read something so these #documentation will help you to read very fast old things which you learned years ago also making Video [step-by-step] will help too but if you have both THEN this will be very good for you also if you are (or want to be) #instructor or #teacher these things will help you to teach these things to students also will help to students to learn new things very fast and much better.
As #pentester you should make something like this chm file (help/documentation file [step-by-step]) for each things you want learn as “new thing” but remember this you should make this documents with very details also you need to make video about that too and your documents should have pictures of result (success/fail results) also pictures of bugs and pictures of your test on different OS targets like windows 7/10/11 and Servers too and …
Note: "These documentations should be part of your job always".

As you can see in this documentation (chm file) which I made years ago, I talked about basic of DNS service and Configuration via Server-side tools by example and pictures with my “Native Language”. So, after years I still can read that very fast again and learn some things which I learned so many years ago. But if you are #pentester or #SecurityResearcher you should put your results of research/tests in this documentations (with details) too so as Pentester you will have lots of Documents and CHM/HTML files like this for each research or for each new hacking things or even new Pentest Projects in your own virtual LAB or ...
this is very little part of new chapter in my New eBook: "how can be a #penetrationtester and #SecurityResearcher" (this is my story about how i tried to work on these fields of #cyber #security).
#pentesting #blueteam #redteam

this is my New #ebook which i am working on this
"how can be a #penetrationtester and #SecurityResearcher (this is my story about how i tried to work on these fields of #cyber Security)".

half of eBook is ready but still need to rewrite some parts of them, this is my story about Penetration Test and Security Research , in this ebook my goal is talking about my experience in 7-8 years ago and how i worked in these field of cyber security with Example and talking about story of each #Pentest/Research Projects, my second goal is explaining these things step-by-step to Beginner #pentesters or Security Researchers for learn how they can start their own things.
also i want to suggest to you all #infosec guys make something like this as eBook or Documentation for itself also share that for others in community and let them to learn from your Success and fails Pentest/Research projects and explain to them why you had/have successful/fail experience for each project and what things helped you or what things was necessary but you did not have that object or ... these things in your own free ebook or free documentation will helpful to others when read your experience by ebook or something like that especially when you talk about every thing step by step with pictures of success and fail things (with details) ;D, why not just do it for your friends and for your own infosec #community .
i am working on this New #free #ebook very hard and i will share this but still this ebook needs new chapters which i am thinking about them ;D

Note: "Cyber Security #Instructor or Pentest or #RedTeam Teachers and #Blueteam Teachers should do this [without doubt] , i had very good Teaching experience with this method".

finally i want to say these are my experiences & this does not mean you should have experience like this exactly to work in these fields of cyber security, you will find your own style in #penetrationtesting and #securityresearch "Don't worry."
#pentest #pentesting #redteam #blueteam