r/cybersecurity

How do you see pentest evolve in 10 years, considering the AI evolution?

I have some vision what the blue team would look like, but I cannot imagine red team being a viable career anymore.

reddit.com
u/moostacha — 3 hours ago

Releasing my Windows 10/11 Hardening app, free, of course, else it wouldn't be here.

I used to have a hardening script for years, but now AI made it easy to convert my hardening script into an app.

It's beyond just a few settings - all of the ones in the recommended profile are battle-tested (I used to work in Microsoft's security consulting division in the Middle East).

Feedback is welcome, I promise to take into account and fix all issues reported here.

Here's the official description:

Most hardening tools overcorrect. Blindly applying a full DISA STIG to a personal or power-user machine wrecks it: it disables your password manager, kills InPrivate, turns on Controlled Folder Access that blocks your own apps, and demands a BitLocker PIN on every boot, all for compliance checkboxes that add little real security.

AtlantHarden v2.0 is built around a smarter idea: stop how malware and attackers actually get in and run, and skip the friction that does not stop them. Comprehensive when you want it with the Maximum profile, sensible by default with Recommended. Every change is backed up automatically and fully reversible.

Features

  • 579 hardening settings across registry, PowerShell, firewall, file associations, audit policy, and ASR rules
  • 354 DISA STIG controls across Windows 11 (V2R7), Edge (V2R5), Chrome (V2R11), Firefox (V6R7), and Office 365 ProPlus (V3R5)
  • 34 ACSC Essential Eight settings (July 2024) with live compliance scoring
  • 3 one-click profiles: Basic (95 settings), Recommended (318), and Maximum (579), each fully reviewable before apply
  • Recommended profile is gaming and performance safe and leaves your password manager, InPrivate, and history working
  • 19 Attack Surface Reduction rules blocking Office macros, ransomware, credential theft, and script droppers
  • LOLBin firewall rules blocking certutil, mshta, wscript, regsvr32, and wmic from the network
  • File association neutralization opening dangerous script types (.js, .vbs, .hta, .scr) as text
  • Browser hardening across Edge, Chrome, and Firefox simultaneously
  • PowerShell logging triad: script block + module + transcription
  • Registers itself as allowed for ASR and Controlled Folder Access so it never locks you out
  • Full backup with automatic pre-change snapshot, .reg export, and System Restore integration
  • Silent deployment via CLI for enterprise fleets, plus configuration import and export
  • One-click HTML security report with STIG and ACSC compliance metrics

If the mods allow it, I'll add a download link in here - else, just google "Atlant Harden"

https://atlantsecurity.com/downloads/atlant-harden

P.S. As this is free, I hope I am not breaking the no spam and no advertising rules

u/xorredd — 8 hours ago
▲ 195 r/cybersecurity+8 crossposts

CISA adds Linux kernel zero-day CVE-2026-43456 to KEV after active exploitation

CISA has added CVE-2026-43456, a Linux kernel local privilege escalation vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog following confirmed in-the-wild exploitation. Here's everything covering the affected kernel versions, the vulnerability itself, which distributions have shipped fixes, and the available mitigations. If you're maintaining Linux systems, it may be worth checking whether your kernel has already been updated by your distro. Patch Now.

thecybersecguru.com
u/KingdomOfAngel — 9 hours ago
▲ 3 r/cybersecurity+1 crossposts

Building an interactive career simulator for network engineers: From CCNA basics to SOC and Pentest operations.

I’m currently developing a cybersecurity sim game that bridges the gap between theory and practice. The journey starts with 30 networking tasks (based on the CCNA curriculum), where you build and troubleshoot infrastructure. Once that's mastered, the game expands into SOC analysis (log monitoring, threat detection) and finishes with a Pentesting consultant role.

My goal is to make technical training feel like a real career progression. I’d love to get some feedback from you folks on the realism and the workflow!

https://www.youtube.com/watch?v=xzRin4oz5kw
https://www.youtube.com/watch?v=pZBsk50Sjpo

instagram: jr.netengineer

u/Mindless_Base_2445 — 5 hours ago
▲ 8 r/cybersecurity+1 crossposts

Move into Appsec, what should I consider before doing it?

Backend engineer, ~5 YOE, 1 year at current. I've been offered an internal move to AppSec.

At my previous job I was the security guy on my team ("Security Champion" programme, but for technical people) - moving security initiatives for our app, exploratory testing (found a few big vulns while messing around), and owning the security side of a cloud migration: data classification, SAST in CI/CD, and passing internal audits - this was around 20% of my capacity, the rest were usual developer work. I liked it and wanted to grow in security, but left for a better BE offer.

Current job is distributed systems with e2e ownership in a great team, so I've picked up solid devops experience too. The really great team makes the choice a bit harder too :).

Two things worry me:

  • AppSec seems like it could mean really different stuff depending on the company - scanner triage at one place, threat modeling and architecture review at another. What is the real-deal appsec engineer job have to look like so I can be competitive if I decide to grow in this field?
  • Would the previous BE experience(granted that some of it ~2YOE was with a security flavour) hurt my prospects if I try to pursue an appsec role, and vice versa would the appsec experience hurt future BE prospects. Basically is there bidirectional transfer of skills. I'm guessing so, but I might be guessing badly.
  • Is AppSec going to be impacted badly by LLMs?

Anyone made this switch? What should I look for in an appsec role.

Disclaimer: I've used AI to make this post more understandable, English is not my native language, neither am I too good with words.

reddit.com
u/outMyComa — 9 hours ago
▲ 3 r/cybersecurity+2 crossposts

Questionario per tesi

Ciao a tutti, sto finendo la mia tesi in criminologia, dal titolo: Anatomia della Cyber-Estorsione Moderna

Tecniche, attori e conseguenze psico-sociali nell’era digitale.

Mi servirebbe una mano per far girare un questionario sull'impatto organizzativo e psicologico degli attacchi ransomware.

È ovviamente anonimizzato e ci vogliono 5 minuti per completarlo; dovrebbe essere sottoposto a chi ha subito attacchi ransomware.

Mi aiutate a farlo compilare o se rientrate nella casistica lo compilate a vostra volta?

https://forms.gle/xJ4bMAHAM4dF5xdV9

Grazie!

u/sheykastarshadow — 9 hours ago

How stressful is your role?

My last role was running the Red Team all by myself. It got so stressful to the point I started getting headaches and would feel lightheaded if I saw another request come in. At one point, I had to take 2 weeks off due to the stress.

Now, I worry about getting another Red Team role due to the experience.

So, I'm curious, what is your role and how stressful is it?

reddit.com
▲ 4 r/cybersecurity+3 crossposts

Feedback on my old-ish tool

Hello,

Some time ago, I made a tool for performing brute-force attacks (for work purposes, as I work as a security tester/pentester). I don't know if I had hands from the wrong place or what, but it was somewhat difficult to use Hydra, which at that time was a top-tier tool for this. So I made my own tool that works like I want it to work.

The main idea of the tool is that all configuration goes inside a YAML configuration file. Why, you may ask, because security testing usually goes in this circle: performing -> reporting -> someone fixes -> re-testing. Sometimes the systems we test are similar, sometimes they are complex enough, and also saving hydra commands or sharing them wasn't quite a practical solution in the long term.

Some time ago, I moved to another company where I'm more on the defensive side rather than attacking, so I didn't have a chance to use this tool much. So maybe anyone can give some kind of feedback on the code, possible improvements, etc.

Repo: https://github.com/narukoshin/EnRaiJin

p.s. For all the AI haters, this code is not vibe coded, as it was created when the AI hype wasn't even a thing. :) Commits lasting years are a good proof for that.

Thanks.

u/narukoshin — 20 hours ago

New to cybersecurity should I focus on new role or look for plan B? AI fear

I keep seeing this debate everywhere and honestly can't tell what's true anymore. Every other day there's a headline about AI causing layoffs, but when you actually read the story, half the time it sounds like normal cost-cutting or restructuring, and companies are just using "AI" as a convenient reason to say it out loud. But then some layoffs do seem real, like certain roles are actually shrinking because AI tools now handle most of what a junior person used to do.

I have 5 years of experience[India], mostly in data engineering, and I'm about to start a new job that's a mix of cybersecurity and AI data engineering. On paper it feels like a safer space since security work isn't going anywhere and AI is actually making that field grow rather than shrink. But I have a lot of financial responsibilities and people depending on me, so I can't just assume I'm safe and relax.

This is where I'm stuck. Should I go all in on this job and get really good at it, or should I use some of my time and energy to build something on the side, like a business, just in case things change later. I genuinely don't have the bandwidth to do both properly right now, so I have to pick one as my main focus for the next couple of years.

If anyone has been in a similar spot, new job, real financial pressure, watching all this AI job talk and wondering if your role is actually safe or not, how did you decide where to put your energy? You focus fully on the job or build something on the side as backup?

I come from true data engineering and AI background - Do you recommend coming to cybersecurity domain? Any tips

Edit1: My role: I’ll be building and automating end-to-end vulnerability management workflows on the ASM team - Python pipelines that normalize and route vulnerability data into Databricks/SIEM/SOAR systems, plus AI/ML components like model-based risk scoring and LLM-assisted triage. I will be trained on these certifications - I GCIA, GCIH, GMON

reddit.com
u/Many-Revolution965 — 1 day ago

Left SOC for a customer-facing security role. Will it be harder to get back into internal security?

I recently left an incident response role after several years to join a cybersecurity vendor in a customer-facing position. (For a well known fortune 100 company) - loved the job but stress caught up and opportunities for internal moves became scarce.

The new role is still technical and security-focused, but instead of responding to incidents internally, I’m helping customers understand security events, detections, and the platform. The pay and work-life balance are significantly better, which was a big factor in the move.

I currently hold CISSP, GCIH, and BTL1.

My concern is whether spending a few years in a role like this could make it harder to move back into an internal security role (IR, security operations, detection engineering, security engineering, etc.). This new role feels much more adjacent to customer success with some technical stuff.

Has anyone made a similar move and later returned to an internal security team? Did recruiters or hiring managers view your vendor experience as a positive, neutral, or negative?

I’d appreciate hearing from anyone who’s been through something similar.

reddit.com
u/LeatherCreepy8156 — 1 day ago

Ransomware crews pile onto US healthcare providers over the July 4 weekend

Holiday weekends continue to be attractive for ransomware operators. This roundup tracks several healthcare organizations added to leak sites.

intelfusions.com
u/IntelFusions — 1 day ago