From RCE on a controller to domain admin
An interesting experience in solving a pentesting task
RedTeam
Accessing Bitbucket through a test K8s cluster
Kubernetes API can reveal many secrets without authentication
LLM for pentesting: speed isn't everything
We found out which local LLMs are better at finding vulnerabilities
Pentesting by AI: Local LLMs Benchmark
Comparative analysis of multiple LLMs in their ability to uncover vulnerabilities
PhantomRPC: A new method for privilege escalation
Fake RPC server can impersonate the security context of the calling client, up to SYSTEM
How to make OpenClaw execute malicious commands
We found a vulnerabilty in a popular LLM agent
Attacks via OpenClaw: when your LLM can make RCE
Following a special link, the AI agent itself will execute shell commands
Bruteforcing WPA 802.11r: a new module for HashCat
Previously, pentesting tools did not work with 802.11r hashes
Yes, we can RCE via your AI agent OpenClaw
Overly autonomous LLM executes commands not requested by the user
How we patched PEAS and ensured Provisioning
If Exchange ActiveSync requires security policy agreement, PEAS still works
Accessing services through Kubernetes
K8s clusters can be an interesting target during a pentest
Scan2hive helps upload data to Hive
How we improved our work with Hexway Pentest Suite
Implementation of TCP transport for the Mythic agent
If Mythic agents communicate over HTTP(S), they are easy to detect
Top-10 posts of PurpleShift in 2025
We selected posts that got the most likes