#redteam

Lenin alevski 🕵️💻 @alevsk@infosec.exchange
2025-05-05

Can a language model actually help with real-world security testing? 🛡️🤖

PentestGPT is a new tool designed to serve as a virtual assistant during penetration testing. Developed by a researcher known as GreyDGL, it builds on OpenAI’s GPT-4 to help guide professionals through standard pentest workflows. Unlike traditional automation tools that execute payloads or scan for vulnerabilities directly, PentestGPT focuses on reasoning and decision-making support based on user input.

The tool is structured around common engagement types like web application testing and external infrastructure enumeration. It doesn’t directly interface with targets; it relies on the tester to collect and provide data, such as HTTP responses or error messages. From there, it helps interpret results, suggest next steps, and generate reports aligned with methodologies like OWASP or PTES.

For example, if presented with a suspicious response header or authentication behavior, PentestGPT can analyze it and suggest tailored test cases like token replay or path traversal checks. It also maintains context throughout the interaction, preserving key findings and adapting its advice accordingly.

Still, it's not a replacement for human testers. Its strength lies in augmenting expertise, reducing time spent on documentation loops or repetitive analysis. On the downside, its dependency on accurate input and lack of active scanning limits its autonomy.

As of now, it’s available as an open-source project on GitHub. It's part of a broader trend of applying large language models not just to content generation, but also toward structured, technical workflows, including cybersecurity.

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

— ✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

2025-05-05

🧠 Thank you @Nightwing_usa for your Silver sponsorship! Your impact on cybersecurity awareness resonates throughout our community.
#RedTeam #CyberSecurity #IncidentResponse #InfoSec

Lenin alevski 🕵️💻 @alevsk@infosec.exchange
2025-05-05

New Open-Source Tool Spotlight 🚨🚨🚨

The "Damn Vulnerable MCP Server" is a deliberately vulnerable implementation of the Model Context Protocol (MCP), designed for educational use. It includes 10 challenges that highlight specific security flaws, from prompt injection to multi-vector attacks. A hands-on tool for security researchers learning to secure MCP in LLM contexts. #Cybersecurity #AI

🔗 Project link on #GitHub 👉 github.com/harishsg993010/damn

2025-05-05

A post about how the leak of an encryption key could lead to arbitrary code execution on the Typo3 CMS 🕵️‍♂️

synacktiv.com/publications/typ

#infosec #cybersecurity #web #typo3 #cms #redteam #pentest

2025-05-04

SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication 🕵️‍♂️

github.com/quarkslab/proxyblob

#infosec #cybersecurity #azure #cloud #redteam #pentest #opensource

DeadSwitch @ T0m's 1T C4fe @TomsITCafe
2025-05-04

They see your surface long before they strike. Learn how attackers map your digital terrain using tools like Amass, Shodan, and Spiderfoot. Know the ritual - or be the offering.

tomsitcafe.com/2025/05/04/reco

Lenin alevski 🕵️💻 @alevsk@infosec.exchange
2025-05-02

How can malware run silently on a WordPress site without appearing in the plugin list? 🔍🛠️

Threat actors are increasingly exploiting WordPress's "mu-plugins" directory to hide persistent malware. These "must-use plugins" auto-load on every page request without needing activation and are not visible in the WordPress admin dashboard, making them convenient for attackers aiming to stay hidden.

Sucuri researchers reported several recent infections where obfuscated PHP scripts were planted in this directory. One example includes code that pulls remote payloads from a disguised text file (`index.txt`) using `eval()`, `file_get_contents()`, or cURL, functions commonly misused to run arbitrary PHP code fetched from external servers.

Three specific malware variants were uncovered:
- **redirect.php**: Redirects users to malicious sites while bypassing bots and logged-in admins. It impersonates WordPress functions to blend in, often as part of fake update schemes.
- **index.php**: A webshell that fetches and runs remote scripts dynamically, enabling attackers to control the site fully without modifying the file itself, ideal for maintaining long-term access.
- **custom-js-loader.php**: Injects JavaScript that replaces images with explicit content and hijacks outbound links with popup ads, targeting traffic manipulation and SEO spam.

These infections typically result from compromised admin accounts, vulnerable themes/plugins, or unsecured hosting environments. Once deployed, they allow attackers to steal data, inject spam, redirect users, or sustain remote access over time. Unusual behavior like unexpected traffic redirects, suspicious files in `mu-plugins`, or high server load without cause are key indicators.

The use of the mu-plugins directory showcases how attackers adapt to evade conventional security tools. Regular file integrity monitoring, strict access controls, and well-configured WAFs remain essential to counter these tactics.

Lenin alevski 🕵️💻 @alevsk@infosec.exchange
2025-05-02

New Open-Source Tool Spotlight 🚨🚨🚨

WinPwn simplifies internal Windows penetration testing by automating reconnaissance and exploitation through PowerShell. Features include domain recon, privilege escalation, Kerberoasting, UAC bypasses, and proxy-aware scripting. Also works offline with `Offline_Winpwn.ps1`. #cybersecurity #pentesting

🔗 Project link on #GitHub 👉 github.com/S3cur3Th1sSh1t/WinP

Resilience Theatre @38C3retheat@infosec.exchange
2025-05-02

Too many times I've witnessed a cyber team launch its work environment from Google Docs while host-nation representatives just smile, with their transparency solution on the wire.

With Edgemap, your DFIR or Red Team can use non-trusted infrastructure, establish a foothold on a MACsec-separated LAN segment, and use the collaboration tools built into the Edgemap server (running on a Raspberry Pi 4).

Edgemap is open source and available on my GitHub [1].

[1] github.com/resiliencetheatre/r

#edgemap #dfir #redteam #criticalinfrastructure

Lenin alevski 🕵️💻 @alevsk@infosec.exchange
2025-05-01

How does a threat actor evade detection using Microsoft Paint and Outlook? 🖼️📧

A newly identified cyberespionage group known as Earth Alux has been actively targeting sectors like government, telecom, logistics, and IT across countries in the Asia-Pacific and Latin America since mid-2023. According to Trend Micro researchers, the group uses a layered and adaptive toolset designed for stealth and persistence.

The attack starts with the exploitation of vulnerable public-facing services to deploy Godzilla, a web shell that acts as the entry point. Once inside, Earth Alux typically deploys either VARGEIT or COBEACON backdoors. VARGEIT is notable for spawning within benign processes such as *mspaint.exe*, allowing it to execute reconnaissance and steal data while blending into normal activity.

COBEACON, based on Cobalt Strike Beacon, is usually deployed first and delivered by MASQLOADER, an obfuscated shellcode loader. Some versions of MASQLOADER employ anti-API hooking by directly patching NTDLL.dll, a core Windows system library, to bypass endpoint detection solutions.

VARGEIT stands out for its flexible command-and-control mechanisms. It can communicate through up to 10 different channels, including DNS, ICMP, and even Microsoft Outlook via the Graph API. Communication through Outlook drafts is structured using specific prefixes ("r_" for commands, "p_" for responses), allowing attackers to maintain control without raising immediate flags.

The group also utilizes DLL side-loading techniques through loaders like RAILLOAD, accompanied by a timestomping module called RAILSETTER that ensures persistence by altering timestamps and setting scheduled tasks. To find new binaries suitable for side-loading, Earth Alux reportedly runs detection tests using open-source tools like ZeroEye and VirTest, both widely used in Chinese-speaking security circles.

Researchers suggest that the group carefully tests each component for stealth and evasion, pointing to a longer-term campaign focused on espionage rather than quick monetization. The structure and testing of tools indicate professional development practices and a commitment to remaining undetected in targeted environments.

Lenin alevski 🕵️💻 @alevsk@infosec.exchange
2025-05-01

New Open-Source Tool Spotlight 🚨🚨🚨

PAYGoat is a deliberately vulnerable banking app designed to explore business logic flaws like BOLAC, race conditions, and balance tampering. A hands-on tool for researchers, pen testers, and devs studying secure backend design. #AppSec #CyberSecurity

🔗 Project link on #GitHub 👉 github.com/stuxctf/PAYGoat

2025-05-01

🔒 Honoring @Fox_Pick again for making #BSidesAugusta exciting, educational, and interactive. Lock pick battles await!
#LockPickVillage #RedTeam #CyberEvent #InfoSec

Lenin alevski 🕵️💻 @alevsk@infosec.exchange
2025-04-30

New Open-Source Tool Spotlight 🚨🚨🚨

AggressorScripts is a curated collection of .cna scripts enhancing Cobalt Strike's functionality. From Beacon-to-Empire migrations to Slack notifications for new Beacons, it’s packed with Red Team utilities. Highlights: OPSEC profiles, mimikatz automation, and stale beacon alerts. #RedTeam #CobaltStrike

🔗 Project link on #GitHub 👉 github.com/bluscreenofjeff/Agg

2025-04-30

Scopify is a Python command-line tool designed for penetration testers and bug bounty hunters to quickly gather and analyze infrastructure information (CDN, Hosting, SaaS) for a target company by scraping netify.ai 🕵️‍♂️

github.com/Arcanum-Sec/Scopify

#infosec #cybersecurity #redteam #pentest #osint #opensource

2025-04-30

Windows remote execution multitool 🕵️‍♂️

github.com/FalconOpsLLC/goexec

#infosec #cybersecurity #redteam #pentest #opensource #windows #golang

Lenin alevski 🕵️💻 @alevsk@infosec.exchange
2025-04-29

New Open-Source Tool Spotlight 🚨🚨🚨

angr is a Python-based framework for binary analysis, spanning capabilities like symbolic execution, control-flow analysis, and decompilation. Ideal for CTF challenges and reverse engineering tasks. #binaryanalysis #reverseengineering

🔗 Project link on #GitHub 👉 github.com/angr/angr

Lenin alevski 🕵️💻 @alevsk@infosec.exchange
2025-04-28

New Open-Source Tool Spotlight 🚨🚨🚨

GOAD (Game of Active Directory) by Orange-Cyberdefense is a lab for pentesting Active Directory environments. With multiple configurations like GOAD-Mini and SCCM labs, it helps security professionals practice AD attack techniques. Caution: Designed for isolated lab use only. #ActiveDirectory #Cybersecurity

🔗 Project link on #GitHub 👉 github.com/Orange-Cyberdefense

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst