An honsest question to the #pentester crowd out there. When you write up a report, do you include everything you tried, or only the findings you came across and verified. I had a discussion today with someone new who nearly had me fire them as a client, and now I'm curious. We resolved our differences, but his initial reaction pissed me off and now I'm curious how others handle things.

One tidbit - there was no mention of chained vulnerabilities in the report. The reason? There were no exploitable vulnerabilities that we could chain off of! There's a lot more, but that was a taste of how it started.

With "all" commercial codes being vibe-coded these days, does that mean Pentesters have more work than ever? i.e., each piece of software has approximately 100,000,000 bugs, holes, exploits or hacks.
But, is the work much easier because of the AI slop being made is easier to track?
Is there much money in being a pentester?
Clearly QA isn't something companies are vested in.

#AISlope #VibeCoding #PenTester #PenTesters #EthicalHackers

Schon verkauft, danke!

Mag wer meinen kaum benutzen Flipper Zero abkaufen? Kommt einiges an Zubehör mit. Ebay mag mich den nicht verkaufen lassen.

Does anyone (in Germany) want to buy off my barely used flipper zero? Comes with stuff. Ebay doesn't like to sell it.

ESP32 crhismettal backpack, RPi Zero chrismettal backpack (no/kein rpi), DrB0rk NRF24 backpack, OVP

Preis/Price: 200 Euros

#FlipperZero #Flohmarkt #Fleamarket #ToSell #pentester #pleaseBoost

Who says that #AI isn't helping people in real-life situations?

Consider yourself a bad #hacker, breaking in a company #SharePoint server. With #Microsoft #CoPilot, you're able to determine recent #pentesting reports, plain text #passwords and other crucial information for your attack right away. As if you get direct help by an insider. Amazing.

If you find an interesting sensitive file you don't have reading permission for, you can ask CoPilot to show it to you, overriding all the #security permission measures. Even better: this is not even logged as a file access. No need to clean up afterward.

Exactly the software you will need for your work. #Pentester and attackers could not have asked for a better tool. Your victims will pay for this handy service themselves. Great to get that kind of important support by Microsoft. 😉

Read about that on: https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

#LLM #fail #backdoor #pentesting

This is my semi-regular #introduction to find people!
(she/her)

💜 I work in #infosec as a #pentester

💜 A big, big believer in #opensource + #FOSS

💜 My library for #GOG games is endless, because I believe whole-heartedly in DRM-free gaming

💜 95% of what I post is about #gaming or the #SteamDeck (it's my happy place!)

💜 I'm trying to expand my #anime tastes, with Dan Da Dan being my most recent obsession (suggestions welcomed!)

💜 My #Kindle is utterly Calibre'd

We should be friends!!!

Formation en français, siouplè! 🧐🩵🥐

La voilà! Une formation de deux jours est conçu pour les débutants en sécurité possédant des connaissances de base en IT, qui repartiront avec des compétences immédiatement applicables. ✨🤩

https://nsec.io/training/2025-adoptez-la-mentalite-dun-pentester--formation-pratique-de-deux-jours/

#infosec #devops #pentester #hacking #ctf #mtl

Yet another of my inspirations as a child, to end up working in #infosec as a #socialengineer as a #pentester and a #hacker was the 1999 TV movie - Pirates of Silicon Valley.

This one was a movie I'd watch with my father when I was little. I loved seeing the old #Apple VS #Windows - and I enjoyed knowing what happened 𝘢𝘧𝘵𝘦𝘳𝘸𝘢𝘳𝘥𝘴 even more!

The quality of acting, the story...and yep even the low budget. I love this movie. Watch it if you've never done so!

#bringbackbeigecomputers