Screenshot tool in MAC for Pentest Report
What screenshot tool do you use in MAC? Preferably has invert color option, margin option, redact tool. submitted by /u/Candid_Chemistry_493 [link] [comments]
Articles tagged with: #red-team
Clear filter
Who's the Evil Twin? Differential Auditing for Undesired Behavior
arXiv:2508.06827v2 Announce Type: replace-cross Abstract: Detecting hidden behaviors in neural networks poses a significant challenge due to minimal prior knowledge and potential adversarial obfuscation. We explore this problem by framing detection as an adversarial game between two teams: the red team trains two similar models, one trained solely on benign data and the other trained on data containing hidden harmful behavior, with the performance of both being nearly indistinguishable on the...
AzureStrike: An HTA Application which builds Azure (Entra) Scenarios for Red Team Simulations
submitted by /u/digicat [link] [comments]
Automation Is Redefining Pentest Delivery
Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods - static PDFs, emailed documents, and spreadsheet-based tracking. The problem? These outdated workflows introduce delays,
My dumbest cybersecurity mistake (and how I learned from it)
Okay, confession time. Early in my cybersecurity career, I was working on a penetration test for a client. I was so focused on finding vulnerabilities in their network that I completely overlooked basic security hygiene on my own machine. I mean, really overlooked it. I was using a shared virtual machine for the test, which is standard practice, but I failed to properly isolate the VM's network connections. Basically, I had a direct connection between my personal network and the client's...
"Vibe Hacking": Abusing Developer Trust in Cursor and VS Code Remote Development
In a recent red team engagement, the client's attack surface was so well-defended that after months of effort, the only system we managed to compromise was a lone server, which was apparently isolated from the rest of the network. Or so we thought. One developer had been using that server for remote development with Cursor. This setup is becoming increasingly popular: developers run AI agents remotely to protect their local machines. But when we dug deeper into how Cursor works, we discovered...
Penetration Testing Execution Standard
http://www.pentest-standard.org/index.php/Main_Page why do we have a standard for penetration testing and the website is served only in http? submitted by /u/xb8xb8xb8 [link] [comments]
IT Audit to Blue Team
I am going into a big 4 IT audit role after a bachelors and a masters in CS, which I need to pay bills and food. The only issue is that I enjoy coding, scripting, and all other things technical, which of course is not present in IT Audit. I was initially thinking to transfer in for software engineering roles, but IT Audit doesn't really help for those so I was wondering if it is potentially more likely to secure a blue/red team role after a year or so. submitted by /u/MClabsbot2 [link]...
Most creative or effective defenses/attacks you've done or seen
What are some of the most creative blue team or red team actions you've done or seen? Were they realistic to what you have seen real threat actors do? submitted by /u/PsychologicalDebt399 [link] [comments]