BashCore 2504 (April 2025) is now featured on Oswatch!
We’re proud to announce that the latest release is officially listed!
Built on Debian 12.10 (Bookworm) with kernel 6.1.0-32-amd64, this update brings vim, SMB support, and more.
Thanks for the support, Oswatch!
Download now at https://bashcore.org
Just tried to explain what BashCore is — a minimal, terminal-only OS built for learning and pentesting — and got the same reaction you'd expect if I said a marmot wraps the chocolate.
Not for everyone, but perfect for those who speak fluent shell.
Man, this whole AI hype train... Yeah, sure, the tools are definitely getting sharper and faster, no doubt about it. But an AI pulling off a *real* pentest? Seriously doubt that's happening anytime soon. Let's be real: automated scans are useful, but they just aren't the same beast as a genuine penetration test.
Honestly, I think security needs to be woven right into the fabric of a company from the get-go. It can't just be an afterthought you tack on when alarms are already blaring.
Now, don't get me wrong, AI definitely brings its own set of dangers – disinformation is a big one that springs to mind. But here's the thing: we absolutely *have* to get our heads around these tools and figure them out. If we don't keep pace, we risk becoming irrelevant pretty quick.
So, curious to hear what you all think – where do the greatest pitfalls lie with AI in the security field? What keeps you up at night?
to any and all #infosec and #pentesting professionals, do you have any tips you could share about business-speak? more specifically, how do you translate to a business unrelated to our field the importance of our work?
Remember when I was talking about GenAI powered testing tools? Ran into this:
Think Like a Black Hat, Act Like a White Hat!
Let's face it! To outsmart cybercriminals, you must think like one—but use your skills for defense, not destruction. Learn the mindset of hackers and the strategies ethical hackers use to strengthen cybersecurity.
Read more: https://wardenshield.com/think-like-a-black-hat-and-act-like-a-white-hat
#ethicalhacking #cybersecurity #whitehat #blackhat #Pentesting #CyberDefense #wardenshield #threatintelligence
Whoa, Gamaredon/Shuckworm is back at it again. Seriously, these guys just don't quit! They've got a new GammaSteel variant making the rounds, and it's targeting foreign military missions over in Ukraine. But honestly, this kind of threat? It has implications for *all* of us.
Get this: their way in is infected USB drives! I mean, seriously folks, who's still plugging random USB sticks into their machines these days?! Come on!
Here's the deal: GammaSteel quietly siphons off data in the background. Plus, their C2 servers act as the attackers' command and control hub. Toss in some PowerShell scripts, and you've got a recipe for disaster brewing.
Speaking as a pentester, sadly, I see this kind of thing way too often. It's usually simple tactics paired with surprisingly clever malware... a nasty combo.
So, what's the takeaway? Time for a serious look at your USB policy! And employee training on this stuff is absolutely crucial. Regular pentests? They're non-negotiable. Sure, automated scans are helpful, but they're *no* substitute for a seasoned pentester's eyes digging deep. (Quick side note: Ever dug into the UserAssist keys in the Windows Registry? You can uncover some interesting trails there...)
Let's talk strategy: What USB security measures do you have running in your environment? Drop your thoughts below!
Seriously, what *is* going on with the Play Store these days?! Clients constantly ask me if the apps are actually secure... and tools like PlayPraetor? They're basically screaming NOPE!
You wouldn't believe the junk floating around. Fake apps are out there just harvesting your data. Think banking trojans, sneaky PWAs set up for phishing, Remote Access Trojans (RATs) – you name it, it's probably there. An absolute nightmare!
Wondering about PWAs? They're essentially websites packaged as apps, which makes them a prime vector for phishing scams. And RATs? Those give attackers *complete* control over your device. Seriously nasty stuff! Then there's Phantom malware leveraging Accessibility Services to watch everything you do... It's intense!
Actually, this takes me back to a recent pentest where we nearly overlooked a very convincing PWA phishing page. Thinking automated scans will catch everything? Yeah, don't count on it.
So, how can you shield yourself from this mess?
1. Stick strictly to official app stores!
2. Do your homework on the developers – vet them!
3. Always check app permissions *before* installing! What do they *really* need access to?
4. Make sure you've got solid mobile security installed!
Have you ever stumbled upon a fake app? How are you keeping your Android device locked down? Share your best tips below!
@HonkHase yes, the #OpSec of those #KRITIS is practically nonexistent.
Just this much: none of those who are authorized to do so pay me for #Pentesting!
wow .. this is amazing: A handheld #Linux terminal (running #kali_linux) using #RaspberryPi Zero 2W as Core with 4" 720X720 TFT display and the original BlackBerry Keyboard https://github.com/ZitaoTech/Hackberry-Pi_Zero
[Update – 8 hours later]
BashCore still holding strong.
RAM steady at 700 MB
Load average: 0.25 0.18 0.20
No GUI, no disk writes, 6 active terminals
Running from a USB 2.0 stick (8 GB!)
Host: Acer Aspire One D160 (2009, 2 cores, 2 GB RAM, no battery, Wi-Fi only)
Uptime test continues. 6.5 days to go.
Yo, IT-Sec crowd!
Anyone else noticing how *everyone* seems to be talking about AI-powered security tools these days? Yeah, it's everywhere. But let's be real for a sec – are they *truly* as amazing as the hype suggests?
I mean, okay, AI can definitely be useful for spotting anomalies and patterns, no doubt about that. But here's a thought: what happens if the AI itself gets compromised? Or what about when it starts churning out false alarms simply because it doesn't *really* grasp the situation?
Honestly, I've got my reservations. While automation is certainly nice to have, I'm convinced a skilled pentester, you know, one with actual brainpower and a strategic approach, still outsmarts any AI – at least for the time being. And look, if AI eventually *does* get significantly better, well, that just means it's time for us to add another skill to our toolkit.
So, what's your perspective on this? Do you see AI completely taking over the pentesting scene, or is that human touch going to remain irreplaceable? Let the debate begin!