Lucene search
K

371 matches found

Packet Storm News
Packet Storm News
added 2025/06/10 12:0 a.m.5 views

On the Ethics of Using LLMs for Offensive Security

Large Language Models LLMs have rapidly evolved over the past few years and are currently evaluated for their efficacy within the domain of offensive cyber-security. While initial forays showcase the potential of LLMs to enhance security research, they also raise critical ethical concerns regardi...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/19 11:0 a.m.29 views

Why CTEM is the Winning Bet for CISOs in 2025

Continuous Threat Exposure Management CTEM has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors today's cybersecurity programs by continuously aligning security efforts with real-world risk. At the heart ...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/14 10:54 a.m.21 views

Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team

Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon's recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with...

7.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/09 12:0 a.m.6 views

Offensive Security for AI Systems: Concepts, Practices, and Applications

As artificial intelligence AI systems become increasingly adopted across sectors, the need for robust, proactive security strategies is paramount. Traditional defensive measures often fall short against the unique and evolving threats facing AI-driven technologies, making offensive security an...

7.1AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/07 12:0 a.m.8 views

Weaponizing Language Models for Cybersecurity Offensive Operations: Automating Vulnerability Assessment Report Validation; a Review Paper

This, with the ever-increasing sophistication of cyberwar, calls for novel solutions. In this regard, Large Language Models LLMs have emerged as a highly promising tool for defensive and offensive cybersecurity-related strategies. While existing literature has focused much on the defensive use of...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2025/02/19 6:0 p.m.4 views

Take Command | Rapid7’s 2025 Cybersecurity Summit: First Look at Our Speaker Lineup

Take Command Summit 2025 is shaping up to be one of the most impactful cybersecurity events of the year, bringing together Rapid7’s own security experts alongside leading industry voices for a full day of insights into today’s evolving attack landscape. This virtual summit will offer actionable...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2024/11/05 6:49 p.m.23 views

CVE-2024-51735 Stored Cross-site Scripting to RCE on Osmedeus Web Server

Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting XSS occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...

8.7CVSS0.0044EPSS
Exploits0References1
OSV
OSV
added 2024/10/28 5:43 a.m.4 views

MAL-2024-10249 Malicious code in offensive-security (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 893b805fad3e01a5b0c3843b799e418623c7ea7d1bc2cbcf04b513c650e3d151 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/28 5:43 a.m.3 views

Malicious code in offensive-security (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 893b805fad3e01a5b0c3843b799e418623c7ea7d1bc2cbcf04b513c650e3d151 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
The Hacker News
The Hacker News
added 2024/09/27 11:26 a.m.19 views

How to Plan and Prepare for Penetration Testing

As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting BGH cyber criminals, a...

7.7AI score
Exploits0
Kitploit
Kitploit
added 2024/09/21 11:30 a.m.588 views

Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking

The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a...

7.2AI score
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2024/08/15 1:30 p.m.8 views

Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges

Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering TIDE team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...

7AI score
Exploits0
CNNVD
CNNVD
added 2024/05/19 12:0 a.m.4 views

Syslifters SysReptor 安全漏洞

Syslifters SysReptor is a fully customizable offensive security reporting solution from Syslifters. A security vulnerability exists in Syslifters SysReptor versions prior to 2024.40 that stems from the presence of a cross-site request forgery vulnerability...

8.8CVSS6.6AI score0.00247EPSS
Exploits0References3
HackRead
HackRead
added 2024/02/06 12:56 p.m.16 views

Resonance Hires Cybersecurity Pro George Skouroupathis As An Offensive Security Engineer

By Uzair Amir The appointment is a major coup for Resonance as Skouroupathis is widely regarded as an expert innovator in the cybersecurity space. This is a post from HackRead.com Read the original post: Resonance Hires Cybersecurity Pro George Skouroupathis As An Offensive Security Engineer...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2024/02/03 11:30 a.m.33 views

Nemesis - An Offensive Data Enrichment Pipeline

Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...

7.3AI score
Exploits0References3
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/11/23 6:5 a.m.10 views

Cap Dev. Better red teaming with continuous Capability Development

TL;DR What Capability Development Cap Dev is in this context The big Cap Dev benefits for red teaming Operations and Development, sharing and improving Improvements to TTPs, hardware, and developing strategies Benefits of using a DevSecOps model for offensive security The essence of Cap Dev Cap D...

7.7AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/10/17 7:8 p.m.20 views

Hexeon unleashed: human-centric offensive security amplified by technology

Part 3 in a blog series spotlighting Coalfire's 5th Annual Penetration Risk Report...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/09/11 7:54 a.m.63 views

Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows

A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. "In this...

6.7AI score
Exploits0
Packet Storm
Packet Storm
added 2023/08/09 12:0 a.m.290 views

Pyro CMS 3.9 Server-Side Template Injection

Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Date: 03/08/2023 Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable...

7.1AI score0.4111EPSS
Exploits4
0day.today
0day.today
added 2023/08/08 12:0 a.m.316 views

Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated) Exploit

Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable Versions: 3.9 CVE:...

9.8CVSS7.1AI score0.4111EPSS
Exploits4
Rows per page
Query Builder