Caido v0.56.1 released

Modern infrastructure changes daily, and cyber threats evolve just as fast.
Continuous Penetration Testing helps detect vulnerabilities across cloud platforms, APIs, and web applications in real time.
Wireless pentesting is about finding weak spots in Wi-Fi and other wireless networks by capturing traffic, analyzing signals, and testing how well authentication holds up against real-world attacks.
Here are popular wireless pentest tools
Find high-res pdf ebooks with all my Linux and cybersecurity related infographics at https://study-notes.org
#cybersecurity #wifi #wifihacking #pentesting #networksecurity
Mini Pen Test Diaries Story:
The year was 2010, and I was onsite at a UK local authority doing an internal network assessment.
One of the tasks was - if given a standard, non-privileged, domain user account, with minimal access afforded to it - what could I do? Could I access sensitive documents? Could I login to systems I shouldn't be able to? Could I elevate myself? Standard stuff.
I got my account, and immediately started fishing around the main file share with the users' home directories on it. To my immense surprise, I found out that I was able to access the content of every single user's home directory. Including all the top level folks.
They must've accidentally given me some account in an IT group or something, so I check it out. Nope - groups look normal.
The permissions on the share look pretty normal too.
I play around with the account more and more and encounter zero resistance to anything, access wise.
Something must be very wrong - but what?
Finally I go over and speak to the IT people who I'd been working with.
"So," I said. "This account, it's supposed to have a very minimal permissions set, right?"
"Yes, the lowest of the low," they reply.
"So how come I can get into all these files?" I ask, and show them my rummaging around the very senior people's confidential files.
"You shouldn't be able to do that!!"
Now, the three of us are rapidly trying to figure out what the heck is going on. It's surprisingly difficult to figure out.
Eventually, I make what to this day remains one of my all-time favorite pen testing discoveries.
This organisation had somehow managed to add the entire "Domain Users" group to the "Domain Admins" group!
All 1,500 people who worked there had domain admin access. And after investigation, we found out it had been like that for 10 months.
Someone couldn't get something working, until they found this "fix".
Amazing.
For more, slightly less mini pen test diaries stories, check out https://infosecdiaries.com.
Someone built 35 AI pentesting agents for Claude Code... and it's honestly insane.
AD attacks, web exploitation, cloud pentests, malware analysis, reverse engineering, C2 operations, even LLM red teaming: all inside a single framework.
This is one of the most advanced offensive-security AI projects I've seen on GitHub lately.
Seven FuelCMS CVEs documented. XSS callbacks now show IP and headers. Website Scanner detects exposed private keys passively. Scheduled scan exports. API risk filtering.
Also: free scanner for CVE-2026-41940, the cPanel auth bypass exploited for 64 days before a patch existed. No account needed.
Mythos for Offensive Security: XBOW's Evaluation
Anthropic's Mythos Preview model showed major progress over existing models in source code analysis and vulnerability detection. In particular, it performed very well at source-code-based vulnerability discovery, native code analysis, and reverse engineering, but it has the limitation that performance degrades when interaction with the live site is restricted. According to XBOW's evaluation, Mythos Preview is extremely good at reading code, and the best vulnerability detection is achieved when it is combined with a live site. However, its judgment is somewhat conservative and it tends to interpret things literally, so precise prompts and verification infrastructure are needed.
https://xbow.com/blog/mythos-offensive-security-xbow-evaluation
#llm #security #vulnerabilitydetection #sourcecodeanalysis #pentesting