371 matches found
On the Ethics of Using LLMs for Offensive Security
Large Language Models LLMs have rapidly evolved over the past few years and are currently evaluated for their efficacy within the domain of offensive cyber-security. While initial forays showcase the potential of LLMs to enhance security research, they also raise critical ethical concerns regardi...
Why CTEM is the Winning Bet for CISOs in 2025
Continuous Threat Exposure Management CTEM has moved from concept to cornerstone, solidifying its role as a strategic enabler for CISOs. No longer a theoretical framework, CTEM now anchors today's cybersecurity programs by continuously aligning security efforts with real-world risk. At the heart ...
Learning How to Hack: Why Offensive Security Training Benefits Your Entire Security Team
Organizations across industries are experiencing significant escalations in cyberattacks, particularly targeting critical infrastructure providers and cloud-based enterprises. Verizon's recently released 2025 Data Breach Investigations Report found an 18% YoY increase in confirmed breaches, with...
Offensive Security for AI Systems: Concepts, Practices, and Applications
As artificial intelligence AI systems become increasingly adopted across sectors, the need for robust, proactive security strategies is paramount. Traditional defensive measures often fall short against the unique and evolving threats facing AI-driven technologies, making offensive security an...
Weaponizing Language Models for Cybersecurity Offensive Operations: Automating Vulnerability Assessment Report Validation; a Review Paper
This, with the ever-increasing sophistication of cyberwar, calls for novel solutions. In this regard, Large Language Models LLMs have emerged as a highly promising tool for defensive and offensive cybersecurity-related strategies. While existing literature has focused much on the defensive use of...
Take Command | Rapid7’s 2025 Cybersecurity Summit: First Look at Our Speaker Lineup
Take Command Summit 2025 is shaping up to be one of the most impactful cybersecurity events of the year, bringing together Rapid7’s own security experts alongside leading industry voices for a full day of insights into today’s evolving attack landscape. This virtual summit will offer actionable...
CVE-2024-51735 Stored Cross-site Scripting to RCE on Osmedeus Web Server
Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting XSS occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...
MAL-2024-10249 Malicious code in offensive-security (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 893b805fad3e01a5b0c3843b799e418623c7ea7d1bc2cbcf04b513c650e3d151 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in offensive-security (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 893b805fad3e01a5b0c3843b799e418623c7ea7d1bc2cbcf04b513c650e3d151 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
How to Plan and Prepare for Penetration Testing
As security technology and threat awareness among organizations improves so do the adversaries who are adopting and relying on new techniques to maximize speed and impact while evading detection. Ransomware and malware continue to be the method of choice by big game hunting BGH cyber criminals, a...
Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
The Damn Vulnerable Drone is an intentionally vulnerable drone hacking simulator based on the popular ArduPilot/MAVLink architecture, providing a realistic environment for hands-on drone hacking. About the Damn Vulnerable Drone What is the Damn Vulnerable Drone? The Damn Vulnerable Drone is a...
Brandon Adkins’ Career Journey - Taking Chances and Tackling New Challenges
Brandon Adkins is the Manager of our Threat Intelligence & Detection Engineering TIDE team. His career journey spans a variety of roles and teams where he has been able to showcase his technical skills in security. Since joining Rapid7, he’s had experience as a Penetration Testing Consultant,...
Syslifters SysReptor 安全漏洞
Syslifters SysReptor is a fully customizable offensive security reporting solution from Syslifters. A security vulnerability exists in Syslifters SysReptor versions prior to 2024.40 that stems from the presence of a cross-site request forgery vulnerability...
Resonance Hires Cybersecurity Pro George Skouroupathis As An Offensive Security Engineer
By Uzair Amir The appointment is a major coup for Resonance as Skouroupathis is widely regarded as an expert innovator in the cybersecurity space. This is a post from HackRead.com Read the original post: Resonance Hires Cybersecurity Pro George Skouroupathis As An Offensive Security Engineer...
Nemesis - An Offensive Data Enrichment Pipeline
Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...
Cap Dev. Better red teaming with continuous Capability Development
TL;DR What Capability Development Cap Dev is in this context The big Cap Dev benefits for red teaming Operations and Development, sharing and improving Improvements to TTPs, hardware, and developing strategies Benefits of using a DevSecOps model for offensive security The essence of Cap Dev Cap D...
Hexeon unleashed: human-centric offensive security amplified by technology
Part 3 in a blog series spotlighting Coalfire's 5th Annual Penetration Risk Report...
Cybercriminals Using PowerShell to Steal NTLMv2 Hashes from Compromised Windows
A new cyber attack campaign is leveraging the PowerShell script associated with a legitimate red teaming tool to plunder NTLMv2 hashes from compromised Windows systems primarily located in Australia, Poland, and Belgium. The activity has been codenamed Steal-It by Zscaler ThreatLabz. "In this...
Pyro CMS 3.9 Server-Side Template Injection
Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Date: 03/08/2023 Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable...
Pyro CMS 3.9 - Server-Side Template Injection (SSTI) (Authenticated) Exploit
Exploit Title: Pyro CMS 3.9 - Server-Side Template Injection SSTI Authenticated Exploit Author: Daniel Barros @cupc4k3d - Hakai Offensive Security Vendor: https://pyrocms.com/ Software Link: https://pyrocms.com/documentation/pyrocms/3.9/getting-started/installation Vulnerable Versions: 3.9 CVE:...