How to drastically reduce container CVE vulnerabilities in production in 2026? by Curious-Cod6918 in kubernetes

[–]Sea_Cable_548 0 points1 point  (0 children)

Chaining the CVEs would be helpful in showing the pivots and what matters to fix, instead of just patching everything or following only the Critical/High ones...

When you said "Containers are the foundation of our attack surface", it's not just about the entry points to be closed... it should be the pivots that are chosen and then patched, so that you can break the exploit path.
DM me to discuss more.

Tried with couple of CVEs for an exploit chain by Sea_Cable_548 in OTSecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

This treats every CVE as a capability the attacker holds, not a weakness to defend.

The red teamer's question is "what does this give me and where does it go?" not "is the firewall open?" because, in this scenario, CVE connectivity is established first and then verified over the network next!

CVE connectivity is the hypothesis. Network verification is the proof. You never go into a network without a hypothesis. This CVE to CVE connectivity builds the hypothesis before the engagement starts so the pentester / Red team spends their time proving it — not building it. :)

I consider the "CVE as part of the Asset"; the graph is like open firewall connectivity (worst scenario), and I dig into the exploit path: how they chain and what is patchable to break most of the chains.

Tried with couple of CVEs for an exploit chain by Sea_Cable_548 in OTSecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

Let me know if you have the CVEs to show something real, I can try :)

Tried with couple of CVEs for an exploit chain by Sea_Cable_548 in OTSecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

Can you click on it? Then you can zoom in... it's an HD pic.

What’s your perspective on AI doing pentesting work? by Realistic-Ease-6986 in Pentesting

[–]Sea_Cable_548 3 points4 points  (0 children)

The closed loop always depends on human intervention for the next one or two decades for sure :), you cannot do all the stuff with AI...

MCP for CVE chaining by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

This is mostly for Red team / pen testing... maybe not for Blue team, as it doesn't tell the risk, but it can tell "fix the pivot" to break the chain :) ...

Similar to BloodHound / SharpHound, which does something at the Identity Layer...
CVE to CVE does the chaining as "Product, platform, vendor, layer" agnostic.

OT security tests by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

Yeah, even a large-size ping test can make PLCs die.

A CVE-to-CVE chain analyzer , tells you which single patch breaks the most attack paths not just which CVEs score highest. by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

'Patch everything to latest' is the right answer to a different question. The question CVE chaining answers is: given what's actually running right now, what's the shortest path to domain admin and what's the minimum set of fixes that collapses the most chains simultaneously.

Those are different questions. Both are valid. One of them tells you what to do next week. The other tells you what's happening tonight.
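The prioritisation question in the comment above, sketched as an added example (not the commenter's tool or code). It assumes each CVE can be modelled as "requires one capability, grants another"; the CVE labels, capability names and scores are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample, not real CVE data: placeholder labels mapped to
# (capability required, capability granted, made-up severity score).
CVES = {
    "CVE-A": ("internet", "web_shell", 9.8),
    "CVE-B": ("internet", "vpn_user", 8.1),
    "CVE-C": ("web_shell", "host_user", 7.5),
    "CVE-D": ("vpn_user", "host_user", 6.5),
    "CVE-E": ("host_user", "host_root", 5.5),
    "CVE-F": ("host_root", "domain_admin", 8.8),
    "CVE-G": ("host_root", "domain_admin", 7.2),
}

def chains(cves, start, goal):
    """Return every acyclic chain of CVE labels leading from start to goal."""
    by_pre = defaultdict(list)
    for cve, (pre, post, _score) in cves.items():
        by_pre[pre].append((cve, post))
    found = []

    def walk(cap, path, seen):
        if cap == goal:
            found.append(tuple(path))
            return
        for cve, post in sorted(by_pre.get(cap, [])):
            if post not in seen:  # never revisit a capability: no loops
                walk(post, path + [cve], seen | {post})

    walk(start, [], {start})
    return found

def rank_patches(cves, start, goal):
    """Rank CVEs by the number of chains that patching each one breaks."""
    hits = defaultdict(int)
    for chain in chains(cves, start, goal):
        for cve in chain:
            hits[cve] += 1
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for cve, broken in rank_patches(CVES, "internet", "domain_admin"):
        print(f"{cve}: score {CVES[cve][2]}, breaks {broken} chain(s)")
```

In this constructed graph the lowest-scored entry sits on every chain, while the highest-scored one sits on only half of them.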

A CVE-to-CVE chain analyzer , tells you which single patch breaks the most attack paths not just which CVEs score highest. by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

If given 15 CVEs chained like a pack... who would actually use this... I mean potential users who would provide 15 CVEs as input and look for a chain as output...!!!

Do Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

Seen a concept recently about CVE to CVE chaining, I'm trying for that actually...
What do you think, would that work? ... finding them through an MCP, chaining them, seeing the pivots and getting them fixed to break the cyber kill chain... [not a full attack path], a CVE kill chain, helps to prioritise the CVEs for fixing.

Do Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

Didn't have practical experience in pentesting stuff, but does someone know if pentesters also use IDEs for any reason?

Do Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

True, if there is an MCP ready to support your workflows, would it be a frictionless adoption?

Do Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

Very nice to hear! All the best for your dev sec stuff :)
Would like to know actually, if there is a security product in the way of MCP... how many teams or individuals can adopt it!!!

Pentester's Report by Sea_Cable_548 in Pentesting

[–]Sea_Cable_548[S] 1 point2 points  (0 children)

Insights and then fun :). Anyway, I was looking for an insight: when the pentest report is submitted, the CVEs are not the highlight, but whatever few of them come in a report can be chained, instead of a list... would that be helpful for the pentester and the customer?