uid0
1.2K posts

uid0
@uidzero
Red Team @Sophos | infosec nerd | Netflux & Chill CTF Team
@[email protected] Joined February 2014
1.8K Following 1.7K Followers

If you're interested in the methodology behind penetration testing AI ecosystems, check out my latest blog post!
Deep dives on these methodologies to follow soon!
#cybersecurity #ai #hacking #ethicalhacking #offensivesecurity
blog.rootsignal.co.uk/blog/pentestin…

Most companies think the risk with AI is the model. It's not....
If an attacker can influence the model, they can influence the systems behind it!
My latest post on how we test AI Ecosystems and use LLMs to pivot to real infra. Check it out below.
blog.rootsignal.co.uk/blog/pentestin…

pro: got quoted in this article talking about surveillance system breaches!
con: got referred to as "he"...again
cybernews.com/news/fbi-cyber…

@KeithRamphal @HackingLZ Lol reverse uno 🤣 correct, if you can prompt inject or jailbreak the bot, you win prizes!

@HackingLZ @uidzero Reverse Uno the pentesting bot and prompt inject it.
I think you win the pentest at that point right?

With all these AI pentesting bots being posted recently, I decided to put my two cents into why we are not ready for fully autonomous pentesting with AI yet.
In case you missed it, read it on my blog here:
#ai #Pentesting #CyberSecurity
blog.rootsignal.co.uk/blog/is-ai-rea…

@HackingLZ I saw you've been doing some research on this. Planning to go public with it? I'd be interested in the findings

@uidzero Also fun…Look at the code for most of them and watch how little they care about security or prompt injection.

@JustL22866 Yeah agreed there, the legal discussions would be a requirement. Data wise I didn't touch on in this post but this would certainly be something to consider if you're planning on using any of the frontier models like Claude, GPT etc.

@uidzero IMO, any company wanting to use AI on assessments should first speak to legal...
We will likely purchase an Enterprise license, giving us control of the data. But we are still trying to determine how to best deploy Claude to the actual red teamers

I decided to start a blog for some hacker ramblings and insights, and what better way to start than to discuss why AI is not yet ready for end-to-end pentesting.
Keen on getting people talking about this subject, let me know your thoughts on this!
blog.rootsignal.co.uk/blog/is-ai-rea…

@x25princess 100% would agree. Recently had an OKR to create an AI based tooling to assist with adversarial attacks / penetration testing. Given the hallucinations etc in LLMs, there ain't no way I'm throwing any AI based tool at a live env.

I am old school and wouldn't use AI in my red teaming. I'm not anti AI, I just am not on the pen testing side, I do physical security testing and I can't even get GPT to get dates right, so I don't trust it with my work.
Kyle 'esSOBi' Stone@essobi
Autonomous Agentic Offensive Agent in Kali. #buildinpubic

@HackingDave @_xpn_ Love this, it definitely works been doing it for years. Although you just lost a friend point as I spat out my correctly boiled from a kettle tea over that comment 🤣

Solid recommendation. Telling yourself positive things or visualizing what you want to do - your brain believes it and executes on it.
Only complaint is that she wasn't using microwavable tea.
AMIRITE all my brits out there? Superior tea == microwaved? @_xpn_
Mindset Machine @mindsetmachine
10 years worth of learning in 1 minute.

The days of dumpster diving, phreaking, BBS and damn cool hacks. If you are new to the industry or haven't looked at the past, I implore you to do so. Never forget where we come from!
@RayRedacted did a great talk about this a few years back for TMHC, worth a watch!