Nemesis Breach and Attack Simulation

🚨 New RCE in Visual Studio & Copilot (CVE-2025-53773)! 0-Click command execution via prompt injection in READMEs/code comments. AI can alter settings & execute commands, risking CI/CD pipelines. Patch now! Full details: persistent-security.net/post/part-iii-…

Full details of CVE-2025-53773 (RCE via Copilot in VSCode, Visual Studio, and other IDEs..) thanks to @gitlab and in particular @joernchen for the collaboration.

Here's Claude Desktop using the Nemesis MCP servers to set up a test scenario from a malware sample analysis, fully automated! If you're a researcher and have cool ideas and applications for AI automation with Nemesis, sign up to the wait list here: forms.gle/TPz9KwpTzDRnX4…

We've released the first breach and attack simulation MCP - Nemesis MCP server integration is here: linkedin.com/pulse/nemesis-…

434c53388db2cc62e6f2070f77e69f174a78abf65c058b22c1fb2fcaedeb2d62

🙏 The eSIM/eUICC Security Training at @hardwear_io was also a lot of fun for me to hold. I'm happy to have had such a knowledgeable group with a great dynamic!

Proud to announce that PSI has secured a $1M investment from Georg Wicherski, ex-CrowdStrike. This means we’re doubling down on combining DORA compliance with Breach and Attack Simulation, growing our team, and wave of new features. Grateful for the belief in our team!

Digital Operational Resilience Act Series: Regulator Reactions and Information so far. persistent-security.net/post/digital-o… #DORA

📢 Attention all security engineers, researchers and developers! Let's uncover the secrets of eSIM along with @marver at #hw_ioNL2024; learn about secure deployment practices, potential attack surfaces, and much more! Link: hardwear.io/netherlands-20… #esim #euicc #securityexperts

A remote code execution vulnerability has been identified in Windows systems that can compromise devices via WiFi. Ensure your safety and learn how to protect yourself: persistent-security.net/post/cve-2024-… CVE-2024-30078

CVE-2024-30078 Kunlun Lab 👀🔥 msrc.microsoft.com/update-guide/v…

How our team found a bypass for phishing proof @okta MFA and how it was handled: persistent-security.net/post/when-phis…

Read about how our @Giutro and Nikos from @Persistent_Psi bypassed @okta Verify "phishing-resistant" features. persistent-security.net/post/when-phis… All your sessions are belong to us 🎣

Mike Cartoscelli joins the PSI team as our new COO! Having 29 years of experience in technology, he will focus on bringing our Breach and Attack Simulation (BAS) product Nemesis to a wider market and focus on how Nemesis can assure compliance to the DORA regulatory framework.

Hope to see you at @nullcon 2024. The PSI team is looking forward!

Learn from the best or get phished like the rest, attend the training at @nullcon Berlin 2023 by our expert @Giutro: nullcon.net/berlin-2024/tr…

Want to know how to audit large software projects effectively? Eric Sesterhenn and myself will teach what you need to know @nullcon: nullcon.net/berlin-2024/tr…

Embedded Threats: A Deep Dive Into The ESIM World - Markus Vervier youtu.be/Ka70323Y6aQ #hacklu @hack_lu

Starting off today by celebrating 10 years of ATT&CK! The pioneering minds behind the framework are reuniting for an unforgettable journey through the storied history of ATT&CK. Here's to a decade of innovation! #ATTACKcon4 @stromcoffee @likethecoins @jadefh @esheeslee

Explore the potential of push notifications for maintaining persistence in our new blog post - Beacon-on-Demand! Delve into the mechanics of raw notifications and unpackaged Windows apps. persistent-security.net/post/beacon-on… #CyberSecurity #WindowsApps #PushNotifications #PersistentSecurity