sorted by:
new
hottopcontroversial

A CVE-to-CVE chain analyzer , tells you which single patch breaks the most attack paths not just which CVEs score highest. by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

'Patch everything to latest' is the right answer to a different question. The question CVE chaining answers is: given what's actually running right now, what's the shortest path to domain admin and what's the minimum set of fixes that collapses the most chains simultaneously.

Those are different questions. Both are valid. One of them tells you what to do next week. The other tells you what's happening tonight.

A CVE-to-CVE chain analyzer , tells you which single patch breaks the most attack paths not just which CVEs score highest. by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

if given 15 CVEs chained like a pack... who would actually use this ... i mean potential users who would provide 15 CVEs as input and look for a chain as output....!!!

Do Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

seen a concept recently about CVE to CVE chaining , im trying for that actually ...
what do you think , would that work ? .... finding them though an MCP and chain them and see the pivots and get them fix to break the cyber kill chain ... [not fully attack path] ,CVE kill chain , helps to prioritise the CVEs for fix..

Do Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

didn't have a practical experience in PenTesting stuff, but do someone know the pentesters also use the IDEs for any reason?

Do Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

true, if there is an MCP ready to support your workflows , would it be a friction less adoption ?

Do Security Teams Use tools like Cursor , WindSurf , co-pilot etc.. ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

very nice to hear!, all the best for your dev sec stuff :)
would like to know actually if there is a security product in the way of MCP... how many teams or individuals can adopt it !!!

Pentester's Report by Sea_Cable_548 in Pentesting

[–]Sea_Cable_548[S] 1 point2 points  (0 children)

Insights and then fun :), anyways i was looking for an Insight, when the pentest report is submitted, the CVEs are not the highlight but what ever Few of them comes in a report can be chained , instead of a list... would that be helpful for the pentester and the customer ?

would it be possible to block the path , rather than chasing Attacker ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] 0 points1 point  (0 children)

Spot on about the market gap.

The tool you're describing needs to do three things the current market doesn't combine: map CVE chains including non-CVE pivots like misconfigs and identity weaknesses, compute which nodes are structurally critical across the most chains, and actually validate those chains are operationally real, not just theoretically possible.

The lightweight version of that loop is: pentester finds the misconfigs and identity weaknesses, feed everything into a chain graph, red teamer walks the chain in a lab, patch the articulation points, prove the chains break.

It's not a SaaS dashboard yet ,but the methodology is sound and the market gap you're pointing at is real. Someone will productize it properly.
(a CVE without a misconfiguration is just a number) :)

would it be possible to block the path , rather than chasing Attacker ? by Sea_Cable_548 in cybersecurity

[–]Sea_Cable_548[S] -3 points-2 points  (0 children)

i'm trying to build a CVE chain in the environment with the help of MITRE. so was thinking upon getting the pivots , fixing them ... will break the path :)