
Benchmarking AI Pentesting Tools: A Practical Comparison

We benchmarked 4 AI pentesting tools: Escape, Shannon, Strix, PentAGI, and Claude against a modern vulnerable application. Learn more about their detection rates, false positive rates, and scanning speed.

The post Benchmarking AI Pentesting Tools: A Practical Comparison appeared first on Security Boulevard.

Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem

The False Sense of Security: SMB signing on domain controllers has become standard practice across most Active Directory environments. But this hardening may have created a false sense of security. CVE-2025-33073 changes the calculus by removing the prerequisite of admin access, enabling NTLM relay attack Active Directory exploitation through unconstrained delegation. Domain controllers enforce SMB […]

The post Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem appeared first on Praetorian.

The post Reflecting on Your Tier Model: CVE-2025-33073 and the One-Hop Problem appeared first on Security Boulevard.

Which Came First: The System Prompt, or the RCE?

During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude (Opus 4.5) and a third-party asset management platform. The idea is simple: instead of clicking through dashboards and making API calls, users just ask the agent to do it for them. “How many open tickets do […]

The post Which Came First: The System Prompt, or the RCE? appeared first on Praetorian.

The post Which Came First: The System Prompt, or the RCE? appeared first on Security Boulevard.

Julius v0.2.0: From 33 to 63 Probes — Now Detecting Cloud AI, Enterprise Inference, and RAG Pipelines

TL;DR: Julius v0.2.0 nearly doubles LLM fingerprinting probe coverage from 33 to 63, adding detection for cloud-managed AI services (AWS Bedrock, Azure OpenAI, Vertex AI), high-performance inference servers (SGLang, TensorRT-LLM, Triton), AI gateways (Portkey, Helicone, Bifrost), and self-hosted RAG platforms (PrivateGPT, RAGFlow, Quivr). This release also hardens the scanner itself with response size limiting and […]

The post Julius v0.2.0: From 33 to 63 Probes — Now Detecting Cloud AI, Enterprise Inference, and RAG Pipelines appeared first on Praetorian.

The post Julius v0.2.0: From 33 to 63 Probes — Now Detecting Cloud AI, Enterprise Inference, and RAG Pipelines appeared first on Security Boulevard.

AI-Driven Offensive Security: The Current Landscape and What It Means for Defense

The capabilities of modern AI models have advanced far beyond what most people in the security industry have fully internalized. AI-generated phishing, script writing, and basic offensive automation are getting plenty of attention, but what happens when you apply agentic AI to the full lifecycle of building, testing, and refining custom malware and command-and-control (C2) […]

The post AI-Driven Offensive Security: The Current Landscape and What It Means for Defense appeared first on Praetorian.

The post AI-Driven Offensive Security: The Current Landscape and What It Means for Defense appeared first on Security Boulevard.

Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly

Everyone knows that one person on the team who’s inexplicably lucky, the one who stumbles upon a random vulnerability seemingly by chance. A few days ago, my coworker Michael Weber was telling me about a friend like this who, on a recent penetration test, pressed the shift key five times at an RDP login screen […]

The post Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly appeared first on Praetorian.

The post Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly appeared first on Security Boulevard.
