I’ve been using agentic AI workflows in my security testing for a while now, and at this point I can say it’s the single biggest force multiplier I’ve encountered in offensive security. I’m not talking about asking ChatGPT to write you a Python script. I’m talking about orchestrated, multi-agent workflows with defined roles, custom skills, guardrails, and memory. Doing in a week what used to take a small team several weeks.
Lessons learned from a year and a half of privacy red teaming
I spent about a year and a half doing privacy red teaming at a large tech company. I’m not going to name them but if you follow me it’s not hard to figure out. What I will say is that it fundamentally changed how I think about security testing, and I think there are lessons here that apply broadly to anyone doing offensive security work, especially as privacy regulation and user expectations continue to evolve.
Infosec Pivot
2018 came with a big transition for me: a new opportunity came up that allowed me to pivot into InfoSec full time. Without going into too much detail, I’ll be doing a bit of offensive security. This is very exciting for me, to say the least.
One of the things I am working on that I have had plans to build out eventually for some time is a home pentesting lab. I’ve managed to set up a multi-core CPU PC with about 32 GB of RAM. I’ve set up a virtual environment using KVM that I plan to be managing with RHEL-based tools. For now I’m using GNOME Boxes and/or virt-manager. My plan is to simulate a fully functional environment of networked VMs to act as an attack range for both known and new exploits that I’ll use for practice or research.