AI
Yesterday I ran a pentest against an RDP server. The process was OK but not amazing: I had to provide more help than I would have liked, and resource consumption and the idea it should keep going… weren’t great. The process and output weren’t terrible at all, but they didn’t blow me away.
So today I wanted to see if Claude could take on a simple Active Directory lab! Now let’s be clear, there were I think one or two updates to the Claude client in that time! The Claude UI even changed look and feel! So I spun up an AD lab I had made a while ago and got to work!
Two blogs in a day
Yes, I know, from zero blogs in a while to two in a day! Why? Well because the experience I’ve had today testing an Active Directory in the lab with Claude doing all the work (like really 99% of it) has been quite different to yesterday’s.
Today I have a new darker UI, and the task plan Claude creates prompts for user input. I get asked about test style and approach via a series of questions and responses.
Whilst I made lunch and had a few cups of tea
From a black box point of view, the domain isn’t compromisable without out-of-scope or highly time-dependent activities (e.g. social engineering or low and slow password attacks).
So we moved to assume breach after running through the common steps to attempt to gain access.
The first round of assume breach; the user account had ‘administrator’ group membership (clearly a hangover from an old bit of lab work):

So after the report was generated, I reset the lab, changed some credentials and put the test back to the start of the authenticated position (but this time low privilege):

Come with me if you want to live!
Honestly, I’m quite impressed at the delta between yesterday’s testing and today’s! The process, the wizard questions, the findings, the level of (lack of) handholding and then the report, all rather good!
I haven’t had time to read all the output but I clearly have been keeping my eye on the Claude prompts and activity! Honestly the delta between yesterday and today is significant from a UX point of view. Claude even worked out quite fast that, from a black box point of view, it wasn’t worth the effort to keep hammering away at a probably hopeless position!
I’ll be back!
Has this suddenly changed my views from this morning’s blog? Not at all. My views on AI and ‘this changes everything’ are complex, because the way I see the world and what AI enables from an attacker point of view, well I also see opportunity from a defender perspective, but I also look at how society, organisations, people and networks work (from a crime and from a defender perspective) and I’m still very much in a:
This is super cool technology, and it will of course only get better and better, but it gets better for attackers and defenders!
I also think fundamentally there’s a large delta between: real life compromises across the world, CTFs, penetration tests in real environments and test environments, etc.
I will, however, keep challenging my own views. I am going to keep (as I have been for months and months) leveraging AI to explore offensive and defensive cyber security.
There’s a bunch of risks with AI that aren’t technical, but that’s for another day! Right now I’m going to go back and re-run the Remote Desktop Protocol “Resistance” scenario! So I guess, I’ll be back! 😉



