Claude – PwnDefend

Who needs Mythos anyway! Vulnerability ‘fun’ with Unifi

Last night I found a disturbance in the cyber force… a premise that said 3x CVEs (which the vendor scored at 10.0) were alleged to not be 3 routes… this made no sense to me, why would a vendor release 3 CVEs with the MAXIMUM Score (see my last blog) which means: someone can remotely execute code/read data (remember if you leak key materials you can then craft a way to log in so you can get execution in more than one way). So I set off on mission to try and fix the problem; someone might have said something wrong on the internet!

one step closer to Skynet?

Yesterday I ran a pentest against an RDP server, the process was ok but not amazing, I had to provide more help than I would have liked, resource consumption and the idea it should keep going…. wasn’t great. The process and output wasn’t terrible at all but it didn’t blow me away.

So today I wanted to see if Claude could take on as simple active directory lab! Now let’s be clear, there were I think one or two updates to the Claude client in that time! The Claude UI even changed look and feel! So I span up an AD lab I had made a while ago and got to work!

AI as the penetration tester

AI hype is everywhere, and don’t get me wrong, I’m a heavy AI user, I’m creating tools, conducting analysis and using AI constantly these days in my work a research. But I wanted to see, how well does an agent work if we try and give it the whole task to conduct with as minimal help as possible.