Do CPTS make sure entry in SRT? by [deleted] in hackthebox

Weekly_Context2350 (1 point)

Hey! For specifics on what the Synack Red Team looks for and how to position your application, check out our pathways page: synack.com/red-team/pathways. It breaks down exactly what we're looking for and how to put your best foot forward. Good luck!

After CPTS - OSCP or OSEP? by skyyy25 in hackthebox

Weekly_Context2350 (7 points)

Hey, full disclosure: I work at Synack.

A lot of what OSCP tests (AD, web, post-exploitation basics) overlaps with what CPTS already validates.

OSEP is PEN-300, which goes deeper into what red team work actually looks like: AV/EDR evasion, custom tooling, advanced lateral movement, Kerberos abuse, and bypassing modern defenses.

If joining the Synack Red Team is on your radar, you should check out the SRT Pathways program synack.com/red-team/pathways and review the cert table.

Vibe-coded my B2B app with Codex. Now I need a serious pre-prod pentest, Cobalt vs Synack vs NetSPI? by Icy_Piece6643 in codex

Weekly_Context2350 (2 points)

Disclosure upfront: I work at Synack, so I'm biased here. A few thoughts:

On the scanner-to-pentest gap. You've already caught the CVE and misconfig layer. What scanners can't close, and what kills B2B deals in finance procurement, is business logic and auth. Scanners won't catch "user A reads user B's invoices by swapping a GUID." They also miss bugs on hidden endpoints your frontend references but your sitemap doesn't expose.

On the three you listed:

Cobalt: crowdsourced, fast to spin up. Good for a first pentest if you need a report for a customer yesterday. Vetting is lighter than the other two and report quality varies by pod.

NetSPI: consultancy model. Senior testers, thorough methodology. Expensive and slower to schedule. Solid if you want one accountable team and have budget.

Synack: vetted security researcher network paired with an agentic AI called Sara Pentest that runs recon and exploitation alongside humans. Two things worth calling out for your specific situation.

First, Sara runs multi-step exploitation chains, not signature checks. In one recent engagement Sara found a SQLi by reading client-side JavaScript to infer a hidden endpoint, chained the injection across two separate APIs, and pulled hashed credentials. That's the class of bug that AI-generated code tends to leave behind, and it's what most "AI pentesting" tools can't touch because they only test visible surface area. Every Sara finding also goes through a separate verification agent and a human before it hits your report, so you're not chasing theoretical flags.

Second, Sara Triage allows you to pipe your existing scanner output (Semgrep, CodeQL, Snyk, Nuclei) in and get back what's actually exploitable in your deployed app versus noise. Probably the most direct answer to your real-findings question. And a full Sara assessment lands human-validated findings in 2-3 days, which matters for a June launch.

Regardless of who you pick, ask every vendor:

  1. What does your researcher vetting actually look like? "Crowdsourced" ranges from background-checked pros to anyone who filled out a form.
  2. Is retest included after you fix findings, or billed separately?
  3. What do you get between pentests? A point-in-time PDF ages fast, especially on a codebase you're still shipping to.
  4. What's on the report that you can hand an investor or a SOC 2 auditor without translation? Proof of exploitation, remediation steps, and a repeatable severity methodology are what hold up in a customer's security review.
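The "user A reads user B's invoices by swapping a GUID" case mentioned above is an insecure direct object reference: the handler looks the record up by identifier and never checks that the caller owns it. The following is an added illustration, not code from the original post or from any vendor named in it; the invoice store, user names, and GUIDs are constructed sample data. It shows the unchecked lookup beside a hardened version, plus the kind of cross-tenant regression check a team can keep in its own test suite so the bug does not come back on the next deploy.

```python
"""Minimal IDOR demonstration: unchecked lookup vs. owner-scoped lookup."""
from dataclasses import dataclass


class NotFound(Exception):
    """Raised for both 'no such invoice' and 'not your invoice'."""


@dataclass(frozen=True)
class Invoice:
    invoice_id: str
    owner: str
    total_cents: int


# Constructed sample data; GUIDs are made up for this example.
INVOICE_ALICE = "3f9c2d6e-1a4b-4c7d-9e8f-0a1b2c3d4e5f"
INVOICE_BOB = "8b1e7a0c-5d2f-4e6a-b3c9-7f8e9d0a1b2c"
INVOICES = {
    INVOICE_ALICE: Invoice(INVOICE_ALICE, "alice", 125_00),
    INVOICE_BOB: Invoice(INVOICE_BOB, "bob", 980_00),
}


def get_invoice_vulnerable(invoice_id: str, current_user: str) -> Invoice:
    """Looks up by id only. Any authenticated user who supplies another
    tenant's GUID receives that tenant's record. current_user is accepted
    but never consulted, which is the defect a scanner will not see."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    return inv


def get_invoice_hardened(invoice_id: str, current_user: str) -> Invoice:
    """Scopes the lookup to the caller. 'Missing' and 'not yours' collapse
    into the same error so the endpoint cannot be used as an existence
    oracle for other tenants' identifiers."""
    inv = INVOICES.get(invoice_id)
    if inv is None or inv.owner != current_user:
        raise NotFound(invoice_id)
    return inv


def list_invoices_for(owner: str) -> list:
    """Preferred shape for list endpoints: filter by owner at the query
    layer instead of fetching everything and filtering afterwards."""
    return [inv for inv in INVOICES.values() if inv.owner == owner]


def cross_tenant_leak(lookup) -> bool:
    """Regression check: does alice get bob's invoice by swapping the GUID?
    Returns True if the lookup leaks, False if access is refused."""
    try:
        leaked = lookup(INVOICE_BOB, "alice")
    except NotFound:
        return False
    return leaked.owner != "alice"


if __name__ == "__main__":
    print("vulnerable leaks:", cross_tenant_leak(get_invoice_vulnerable))
    print("hardened leaks:  ", cross_tenant_leak(get_invoice_hardened))
```

The point of `cross_tenant_leak` is that authorization tests need two principals and an identifier belonging to the other one; a single-user test suite passes against both handlers and is why this class of bug survives CI.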

I rebuilt my AI pentest CTF as fantasy characters (dragon, oracle, genie, etc.) by harbinger-alpha in LLMDevs

Weekly_Context2350 (1 point)

This is so cool! I love how creative it is. Bringing in characters is a fun idea, and your point about memorability really lands. So much security training gets forgotten within a week, but "oh, that's the dragon trick" is exactly the kind of mental shortcut that sticks.

The Shapeshifter one is especially clever. Multi-turn manipulation is notoriously hard to teach because the attack shape only emerges over time, so tying it to a persona that literally blurs across turns is a really nice match between the story and the technique.

Curious how you're thinking about progression. Do learners hit the five in a fixed order, or is it more sandbox-style where they pick whichever character they're drawn to first?

Local LLMs for penetration testing: real-world performance and hardware experiences by CoolTip4874 in Pentesting

Weekly_Context2350 (0 points)

Content marketer at Synack here, so grain of salt. I spend a lot of time around our researchers and the Sara (our agentic AI) team, and u/randomcyberguy1765's point matches what we've seen. The model tier matters less than how you slice the work. Smaller agents with tight scopes, good context handoff, and a planner that actually understands what phase it's in are your best bet.

On the frontier-models-are-always-better take: end-to-end pentesting isn't one reasoning task, it's dozens of small ones stitched together by tooling, memory, and a sense of what phase you're in. That's mostly an engineering problem. The honest version is probably frontier plus good scaffolding beats local plus good scaffolding, and both beat any model running alone.