Mastodawn

Most deception is built to evict intruders fast. Knossos goes the other way. 🪤

It procedurally generates a full decoy cloud environment that keeps attackers inside, burning time and resources while every move becomes detection signal. Realistic Terraform infra, breadcrumb trails that lead deeper, and alarms that fire the moment anything is touched, all isolated from production.

📝 See the full changelog: https://portal.praetorian.com/changelog/knossos-procedurally-generated-decoy-environments-that-turn-attackers-into-intelligence

#infosec #offensivesecurity #praetorianguard

Pentest-Tools.com Jun 19

Knowing something was _off_ before you could prove it.
Knowing when the _obvious_ path was the wrong one.
Knowing _when_ to keep pulling.

No dashboard tracks any of that.

Which means the skills that actually separate good practitioners from the rest stay invisible.

Which underrated skill improved your offsec intuition & attacker mindset?

#offensivesecurity #penetrationtesting #ethicalhacking

Spotting what's off early

Building your own tooling

100%

Triage and prioritization

Knowing when to dig in

Poll ended at Jun 20 at 11:16am.

xer0dayz Jun 12

[DEMO] Sn1per Professional 2026 Released: A New Era for Attack Surface Management

https://sn1persecurity.com/wordpress/sn1per-professional-2026-release/?utm_source=mastodon&utm_medium=social&utm_campaign=pro2026-launch

#offsec #offensivesecurity #netsec #infosec #bugbounty #pentesting #ai

Pentest-Tools.com Jun 12

You don't trust a finding until you've reproduced it. That's the job in #offensivesecurity.

AI discovery produces findings FAST. But it doesn't tell you what's exploitable in your context.

Volume goes up. 📈 Validation stalls. 🚧

Faster discovery, same validation. Where's the real bottleneck now?

Validating exploitability

Triaging the noise

100%

Delivering remediation steps

Reporting to execs

Poll ended at Jun 19 at 1:02pm.

leHACK Jun 12

🇬🇧
Claranet, Gold Sponsor of #leHACK 2026, covers the full cybersecurity lifecycle: offensive security, defensive security, and security operations. 70+ pentesters, SOC, incident response, WAF. Partner since 2019. #PenetrationTesting #OffensiveSecurity #CyberSecurity

Pentest-Tools.com Jun 8

🏴‍☠️ New #offensivesecurity research: phpBB authentication bypass discovered by Pentest-Tools.com! And it packs *two* vulnerabilities. 👇👇👇

⚡PTT-2026-004 (CVSS 9.4 - critical): one HTTP request, a target username, a wrong password phpBB never checks. You get back a valid session cookie for that account.
Admins included.
Works on every default phpBB install up to and including 3.3.16, no prior access needed.

The vulnerable code path got introduced more than 10 years ago and survived multiple major releases and security reviews before Alex Dan, offsec researcher at Pentest-Tools.com, found it along with...

⚡PTT-2026-005 (CVSS 8.3 - high) which chains two OAuth defects for a silent account takeover on sites with OAuth configured. In some cases, the victim doesn't need to click anything - an image tag embedded in a forum post is enough to trigger it.

⬇️⬇️⬇️

Full technical breakdown & mitigation steps 👉 https://pentest-tools.com/research/phpbb-authentication-bypass "

Praetorian Jun 8

Default, weak, and leaked credentials are the traitor already sitting inside your most defended systems. Every fortified gate trusts a familiar face.

Brutus is our open-source credential testing tool: default, weak, and leaked validation across 20+ protocols. 🗝️

https://github.com/praetorian-inc/brutus
https://www.praetorian.com/blog/et-tu-default-creds-introducing-brutus-for-modern-credential-testing/

#CredentialSecurity #PenTesting #OffensiveSecurity #Praetorian #PraetorianGuard

Analyst207 Jun 5

Cybersecurity Industry Scrambles to Adapt to AI-Powered Vulnerability Discovery

In a flash, an AI-powered tool uncovered a vulnerability that took down Moderna's development environment, leaving security teams scrambling to keep up with the lightning-fast capabilities of emerging tech. This game-changing incident highlights the incredible potential of AI-driven testing to…

https://osintsights.com/cybersecurity-industry-scrambles-to-adapt-to-ai-powered-vulnerability-discovery?utm_source=mastodon&utm_medium=social

#AipoweredVulnerability #OffensiveSecurity #VulnerabilityDiscovery #EmergingThreats #Moderna

Cybersecurity Industry Scrambles to Adapt to AI-Powered Vulnerability Discovery

Discover how AI-powered vulnerability discovery is changing cybersecurity. Learn to adapt and protect your business with expert insights and actionable tips now.

OSINTSights

Pentest-Tools.com Jun 4

Your compliance audit is coming. Your last scan was three weeks ago.

The Website Scanner from Pentest-Tools.com scans for 75+ vuln types, cuts FPs by 50%, and automatically diffs results against previous scans.

Go into that meeting with proof: https://pentest-tools.com/website-vulnerability-scanning/website-scanner

#offensivesecurity #penetrationtesting

leHACK Jun 4

🇬🇧
n8ive by Design: One Leaked Key, Three Attack Chains | 27/06 at 11:30

From leaked JWT tokens to RCE, credential exfiltration, and cryptographic flaws in n8n's secret handling: three attack chains built on real-world data.

https://lehack.org/2026/tracks/conferences/
https://www.billetweb.fr/lehack-2026-brave-new-world

#leHACK #n8n #OffensiveSecurity