Do you ever struggle to keep up with the cyber world? Not everyone is plugged into the internet 24/7 as some people (I swear I get offline sometimes!) so keeping up to date with the cyber world can be pretty tricky! Also who has time to read everything? no one that’s who! But what about if we used an LLM to read things for us and then give us an update? Well here’s an example of this!
Read more “Using AI in a positive (non scary) way”
Yesterday I ran a pentest against an RDP server, the process was ok but not amazing, I had to provide more help than I would have liked, resource consumption and the idea it should keep going…. wasn’t great. The process and output wasn’t terrible at all but it didn’t blow me away.
So today I wanted to see if Claude could take on as simple active directory lab! Now let’s be clear, there were I think one or two updates to the Claude client in that time! The Claude UI even changed look and feel! So I span up an AD lab I had made a while ago and got to work!
AI hype is everywhere, and don’t get me wrong, I’m a heavy AI user, I’m creating tools, conducting analysis and using AI constantly these days in my work a research. But I wanted to see, how well does an agent work if we try and give it the whole task to conduct with as minimal help as possible.
Read more “AI as the penetration tester”
This document is the first annual report (dated December 2025) by Jonathan Hall K.C., the Independent Reviewer of State Threats Legislation, appointed in February 2024. It reviews the operation of Parts 1 and 2 of the National Security Act 2023 (NSA), which came into force on 20 December 2023, along with related border powers under Schedule 3 to the Counter-Terrorism and Border Security Act 2019. The review assesses whether the new laws effectively counter state threats (malign activities by foreign powers below the threshold of armed conflict) while avoiding excessive overreach, protecting rights, and ensuring proportionality.
Read more “Summary of “The National Security Act in 2024” Report”
Over the last month I’ve been using GROK heavily to see if it can be used to create products and services to help people with cyber security challenges. Now you might wonder how far you can get with notepad (ok I used vscode because I’m on a Mac right now!) and GROK. Basically I’ve not written a single line of code! Not one! Do you want to see what mrr3b00t + AI has created?
Read more “Vibe Coding Tools & Educational Cyber Games”
Ok, it’s late, and well I wanted to look into cyber attacks where social engineering is a key component combined with technical hacking skills.
There’s been a growing number of these style events, so I tasked GROK to create an assessment for me, let’s see how it did! Let’s both try and answer the questions:
Can GROK replace intelligence officers and can GROK help us defend better against social engineering + technical attacks? What do you think? (please take all of this with a pinch of salt… LLMs are known to make mistakes/hallucinate/lie in a very convincing manner)….
they look nice…. but looks can as we know, be deceiving! (is the entire blog just a social engineering experiment by me?)
Read more “Can AI replace intelligence analysts?”