Latest news with #penetrationtesting


Geeky Gadgets
6 hours ago
- Geeky Gadgets
Hak5's WiFi Pineapple Pager : Cybersecurity Tool Combines Retro with Cutting-Edge Tech
What if the tools of tomorrow could evoke the spirit of yesterday? Imagine holding a device that not only equips you with innovative technology but also transports you back to the neon glow of the 1990s hacker culture. Enter the WiFi Pineapple Pager, Hak5's latest innovation celebrating 20 years of pushing the boundaries of cybersecurity. This compact, retro-inspired device isn't just a nod to nostalgia—it's a fully functional powerhouse designed to tackle modern wireless network challenges. Whether you're a seasoned penetration tester or a curious newcomer, the WiFi Pineapple Pager promises to be more than just a tool; it's a statement of how far the hacking community has come while honoring its roots.

In this overview, you'll discover how the WiFi Pineapple Pager merges state-of-the-art performance enhancements with a design that pays homage to the iconic pagers of the '90s. From its multi-band WiFi support and Bluetooth connectivity to its intuitive RGB controls, buzzer, vibration motor, and standalone portability, this device redefines what's possible in wireless penetration testing. But it's not all about functionality—its retro aesthetic and customizable features bring a sense of personality and creativity to the table. What makes this device such a fantastic option for cybersecurity professionals and enthusiasts alike? Let's explore how Hak5 has managed to blend innovation with nostalgia in a way that feels both fresh and familiar.

WiFi Pineapple Pager Overview

Key Features of the WiFi Pineapple Pager

- Multi-band WiFi Support: Operates seamlessly across 2.4 GHz, 5 GHz, and 6 GHz bands with 802.11 a/b/g/n/ac/ax support, ensuring compatibility with modern wireless networks and devices.
- Bluetooth Connectivity: Supports Bluetooth 5.2 and low-energy BTLE 4.2 wireless technology for expanded hacking capabilities and device integration.
- Payload Execution: Runs Hak5's DuckyScript™, Bash, and Linux-based tools to execute complex attacks and automate workflows.
- Enhanced Usability: Features RGB LED 4-way D-pad buttons, a vivid 2.4-inch 480 × 222 pixel LED color display (221 PPI) with wide viewing angles, buzzer, and vibration motor for feedback and alerts.
- Portability: Standalone operation with a secure integrated clip for field ops, USB expansion for custom mods, and integrated USB-C Ethernet adapter for direct LAN access.
- Serviceable Battery: 2000 mAh LiPo with BMS, USB-C charging, and LED charge indicator.
- Real-Time Clock: Persistent clock with battery backup for consistent timestamps.

Performance Enhancements for Advanced Users

- 8th Generation PineAP Engine: Over 100× faster than previous generations, rebuilt from the kernel up for superior performance in crowded RF environments.
- Optimized Kernel Filters: Improves efficiency in handling complex network operations.
- Database Upgrade: Replaces traditional SQL with a faster, more efficient alternative for logging and analysis.

These improvements make the WiFi Pineapple Pager particularly effective for vulnerability assessments, wireless penetration testing, OSINT gathering, and real-time monitoring—completely untethered from a computer.

Design Rooted in 1990s Hacker Culture

The WiFi Pineapple Pager is more than just a technical tool; it is a tribute to the hacker culture of the 1990s. Its design draws inspiration from neon pagers and iconic media of that era, including the cult classic film Hackers. This retro aesthetic is seamlessly integrated with modern functionality, creating a device that bridges the gap between past and present.

Additional design elements include customizable ringtones, RGB LEDs, and full root access for advanced customization. Its fully hackable nature supports themes, hardware mods, and payload triggers that can be configured to respond to specific network events.

Celebrating 20 Years of Hak5 Innovation

The release of the WiFi Pineapple Pager marks a significant milestone for Hak5, celebrating two decades of innovation and community building. Over the past 20 years, Hak5 has established itself as a trusted name in cybersecurity, known for its innovative tools and resources that empower users to explore and expand the boundaries of technology.

This latest device exemplifies Hak5's mission to merge technical expertise with creativity. By combining advanced features with a nostalgic design, the WiFi Pineapple Pager highlights the evolution of hacking technology while encouraging users to push the limits of what is possible. It stands as a testament to Hak5's commitment to fostering an inclusive and collaborative hacker community.

Availability and Pre-Order Details

The WiFi Pineapple Pager made its debut at Defcon, where it garnered significant attention from the hacking community. Pre-orders are now open, with the first batch of devices expected to ship later this year. Interested users can secure their device through Hak5's official website.

Whether you're a professional penetration tester, a cybersecurity enthusiast, or a hobbyist exploring the world of hacking, the WiFi Pineapple Pager offers a compelling mix of performance, portability, and nostalgia. Its advanced capabilities, combined with its thoughtful design, make it an invaluable addition to any hacker's toolkit.

Media Credit: Hak5
Yahoo
3 days ago
- Business
- Yahoo
Synack Launches Agentic AI Architecture with Human-in-the-Loop to Transform PTaaS
New hybrid intelligence platform leverages 13 years of penetration testing innovation to deliver proactive security validation for the era of AI-powered attackers

REDWOOD CITY, Calif., Aug. 11, 2025 /PRNewswire/ -- Synack, a pioneer in offensive security innovation, today unveiled its agentic AI architecture, Sara (Synack Autonomous Red Agent). Sara enhances Synack's premier Penetration Testing as a Service (PTaaS) platform to deliver proactive, risk-based security validation featuring a human-in-the-loop approach. By fusing autonomous AI capabilities with the expert human analysis of the Synack Red Team, organizations can autonomously reduce risk across their attack surface.

As threat actors increasingly adopt AI to develop, optimize and scale attacks, defenders must respond in kind. This next-generation platform embodies an AI-versus-AI model, where AI-powered validation—supervised and guided by human judgment—counters machine-driven reconnaissance and attacks. The result is a powerful, adaptive solution that mirrors real-world adversary behavior while minimizing risk and false positives.

"Security teams are no longer just fighting humans—they're defending against AI-enhanced adversaries," said Dr. Mark Kuhr, Synack co-founder and CTO. "With our Sara agentic AI and human-in-the-loop model, we equip defenders with the same level of intelligence and speed, turning the tables in this era of AI-versus-AI cybersecurity."

The Sara agentic AI architecture delivers scalable, adaptable assessment of attack surface risk. Sara Triage, a core component of Synack's new Active Offense product, is available immediately to provide autonomous triage of discovered vulnerabilities, validating those that are truly exploitable. Sara Pentest will follow later this year to conduct full-scope, objective-based penetration tests in concert with the Synack Red Team.

Sara's human-in-the-loop architecture ensures discovery of logic flaws, chained exploits and nuanced vulnerabilities, bridging the gap between automated detection and human intuition. The model's other benefits in the Synack platform include:

- Integrated Management of Human and Agent Testing: Human researchers and agents collaborate to reduce attack risk in one centralized interface.
- Scalable Human-in-the-Loop Analysis: 1,500+ security researchers are available on-demand for human analysis of AI-discovered findings.
- Agent Thinking Visibility: Easily review agentic AI decisions, including detailed 'proof of exploitability' information.
- Rapid Attack Surface Coverage: Flexibly deploy agent and human testing across the managed attack surface.
- Reporting and Analytics: Access real-time and historic analysis of agentic and human-led testing results to understand vulnerability root cause and drive corrective action.

Synack's AI-powered PTaaS platform aligns with modern security programs like Continuous Threat Exposure Management (CTEM) and supports global compliance frameworks. Its native integrations with Security Information and Event Management (SIEM), External Attack Surface Management (EASM), vulnerability management and ticketing systems help teams operationalize penetration testing findings in real time.

To learn more about how Synack's PTaaS platform powered by Sara keeps pace with AI-enabled threats, please visit

About Synack

Synack is the leader in human-led and AI-powered Penetration Testing as a Service (PTaaS), transforming offensive security to help organizations proactively reduce risk, stay compliant and defend against evolving cyber threats. We are committed to making the world more secure by harnessing agentic AI innovations and a talented, vetted community of security researchers to deliver continuous penetration testing and autonomous vulnerability management. Founded by former NSA operatives, Synack has enabled nearly 10 million hours of expert testing to protect critical assets, from global financial systems to U.S. Defense Department networks. Learn more at

SOURCE Synack
Yahoo
3 days ago
- Business
- Yahoo
Synack Unveils Active Offense Agentic AI Solution to Validate Exploitable Vulnerabilities
Sara Triage brings autonomous vulnerability analysis to Synack's Penetration Testing as a Service (PTaaS) platform

REDWOOD CITY, Calif., Aug. 11, 2025 /PRNewswire/ -- Synack, a leader in offensive security innovation, today announced the launch of Active Offense powered by the Sara (Synack Autonomous Red Agent) AI architecture. Active Offense, now integrated into the Synack PTaaS platform, leverages autonomous validation to help organizations quickly identify exploitable vulnerabilities that represent real risk.

Security teams are increasingly overwhelmed by high volumes of vulnerability data, even as industry research shows most breaches exploit known software flaws. Active Offense autonomously validates scanner output, identifying which vulnerabilities pose exploitable threats in real-world conditions and sending that signal to the teams that need it.

"As attackers use agentic AI tools to rapidly identify and automatically exploit vulnerabilities, defenders need their own AI to keep up at machine speed," said Synack CTO and co-founder Mark Kuhr. "Active Offense levels the playing field for security teams fighting the next generation of threats by delivering autonomous offensive security at scale."

Active Offense brings together the Synack PTaaS Platform, Attack Surface Discovery and Sara Triage—its AI-driven component that delivers proof-based validation—to rapidly confirm exploitable risk. Its scalable, human-in-the-loop model escalates targeted vulnerabilities to the Synack Red Team, a global community of 1,500+ elite security researchers, for expert review. This approach enables security teams to easily go from visibility and analysis to corrective action, all in one platform.

Caption: Sara Triage Dashboard from the Synack Platform

"With Active Offense, security teams receive daily prioritized reports helping them shift the focus from 'what might be exploitable?' to 'what is exploitable and needs action now?'" said Jeff Barker, Synack SVP for product management. "It adds a smarter, goal-driven analyst that increases coverage, accelerates remediation and measurably reduces risk."

Key Active Offense benefits include:

- Continuous attack surface visibility: Self-service and always-on discovery and analysis ensure an accurate view of even the most dynamic attack surfaces.
- Reduced analyst workload and increased efficiency: World-class Synack validation and prioritization of vulnerabilities eliminates the need for redundant review and allows teams to focus on real, exploitable threats.
- Accelerated remediation of critical risks: Continuous exploitability assessment surfaces critical vulnerabilities, delivering high-confidence, verified findings.
- Enhanced value from existing vulnerability detection: Enriched scanner output with real-world exploit intelligence, asset context, and threat data improves prioritization without requiring new tools or disrupting workflows.
- Seamlessly integrated with Synack's PTaaS platform: Scalable human-in-the-loop analysis proactively eliminates noise, validates threats and reduces risk.

To learn how Active Offense can help organizations stay ahead of emerging threats by speeding up vulnerability detection and remediation, visit

SOURCE Synack


Forbes
15-07-2025
- Forbes
The Rise—And Risk—Of AI In Offensive Security
Gunter Ollmann is a global cybersecurity innovator with decades of experience, patented tech and leadership across 80+ countries.

Offensive security tools, which are designed to proactively identify threats and vulnerable attack vectors before they occur, have long been exploited by threat actors. AI is, unfortunately, perpetuating the issue and, in particular, is making social engineering easier since it empowers criminals with native language capabilities, supercharging their effectiveness.

But AI is also working to the defender's advantage by shaking up the traditional penetration testing sector, which once centered on "breadth," e.g., identifying as many vulnerabilities as possible using scanners and automated tools, so that it has now evolved into full-scale attack and breach simulation. This capability effectively puts the defenders in the attacker's "shoes" so they replicate the tactics of threat actors to help organizations understand how far an attacker could infiltrate their systems.

How AI Enhances Offensive Security While Introducing New Risks

As with most things AI-related, innovation is a double-edged sword. As tools improve, they benefit not only defenders but also attackers.

For defenders, tools that once required manual triage are now equipped with AI that can scan, correlate and validate vulnerabilities. For instance, when different scanners return conflicting information, AI can determine which findings are likely false positives, saving human analysts hours of triage. Now, instead of sifting through lengthy lists of potential issues, testers can focus on what truly matters: issues that are exploitable and impactful.

Attackers who used to rely heavily on manual efforts to gather intelligence on targets can now use AI to mine the internet, analyze social networks, access data dumps and even build virtual personas that can infiltrate private online communities. These personas can be tailored to a specific user's interests—we have seen train hobbyists targeted and used to establish trust before delivering a targeted phishing link or malware payload. These AI-generated personas may join relevant forums, interact with the target over time and build credibility in a way that was previously too labor-intensive to execute.

AI also plays a major role in passive reconnaissance. Oftentimes, attackers don't even need to touch a target system and can use AI to collect extensive intelligence about an organization from public and semi-private sources. For example, it can determine which individuals have administrative access, what systems are publicly exposed and what historical vulnerabilities exist. This reduces the need for noisy scans and increases the chances of a successful, undetected breach. But of course, defenders can use these capabilities too, hence an ongoing game of "cat and mouse" between red teamers and threat actors.

Evaluating Offensive Security Vendors

AI without human expertise generates "noise," particularly hallucinations, which throw false positives and negatives into the mix, so it needs highly skilled experts who know how to interpret the findings and use the tools effectively. This pool exists as the discipline has evolved from an "art" into a "science," where a global community of elite testers all perform to the same standardized methodologies and regulatory standards. This has helped streamline the logistics of launching high-quality tests quickly, enabling better remediation, retesting and translation of findings into business-relevant language for developers and executives.

With organizations assured of consistency across processes, it's up to vendors to differentiate on their ability to simulate modern threats, collaborate closely with internal teams and provide testing agility. Features such as retesting, contextual reporting and access to global talent pools are also critical.

Humans Versus AI

Pentesting has evolved from a niche security function to a broad organizational priority. Reports no longer go just to security teams; they are reviewed by engineering leaders, product owners and other business stakeholders. Findings are now written in context for the end audience, and AI helps facilitate this translation, ensuring that vulnerabilities are understood and fixed by the right teams. This ensures not only a faster resolution but also that development teams remain focused on delivering secure code from the outset.

The biggest question facing the industry is whether AI will replace pentesters. The answer is "yes" for traditional average pentesting and "no" at the top end. AI can excel at automating routine tasks, but skills like red teaming at the highest level are a human endeavor. Elite testers bring knowledge of the best tools to use and the experience that can't be replicated by algorithms.

We're seeing that currently, the best results come from hybrid teams where AI handles repetitive, data-intensive tasks and human experts focus on strategy, interpretation and innovation. This is a continuation of a long-term trend whereby so-called "tier one" security analysts were automated some ten years ago. It means smaller teams can achieve more with routine tasks such as scanning, correlation and log analysis handled by AI, while expert humans focus on complex and strategic areas.

Cybersecurity Is About People

AI is revolutionizing offensive security, bringing with it both immense promise and considerable peril. The tools of the trade have evolved, and so too must the people and processes that govern them. As the attacker-defender arms race accelerates, the role of AI will only grow.

But in the end, cybersecurity is still about people. Penetration testing and Red Teaming are driven by highly skilled individuals who understand how adversaries think, and they leverage AI as a tool to sharpen their edge. The adversaries are human—and so too must be the defenders. To truly stay ahead, organizations need to blend elite research talent with smart technology and never lose sight of the human element that defines success in security.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.


TechCrunch
28-05-2025
- Business
- TechCrunch
Security startup Horizon3.ai is raising $100M in new round
Horizon3.ai, a cybersecurity startup that provides tools like autonomous penetration testing, is seeking to raise $100 million in a new funding round and has locked down at least $73 million, the company revealed in an SEC filing this week.

NEA led the round, according to two people familiar with the deal. One person said that the startup is believed to be valued upward of $750 million, although TechCrunch couldn't verify whether that valuation is pre- or post-money. Another person believes the company did (or will) sell the whole $100 million, and added that the company is generating about $30 million in annual recurring revenue. Neither Horizon nor NEA responded to TechCrunch's requests for comment.

With this deal, Horizon3.ai becomes NEA's second major cybersecurity startup investment in less than a month, following Veza's $108 million funding round at an $800 million valuation announced in April.

In August 2023, Horizon3.ai raised $40 million in a Series C round led by Craft Ventures with participation from SignalFire. That round brought the startup's total fundraising to $78.5 million and was aimed at expanding its R&D, channel presence, and team of engineers, co-founder and CEO Snehal Antani told TechCrunch at the time.

Founded in 2019, Horizon3.ai comprises a team of former U.S. Special Operations cyber operators, entrepreneurs, and cybersecurity experts. Before launching the startup, Antani served as CTO at Splunk and led teams within the U.S. Military's Joint Special Operations Command.

With all things AI being deployed across the tech world, AI-powered automated attacks are also on the rise. The San Francisco-based startup helps protect against such attacks with its autonomous threat detection tools.

Earlier this month, Horizon3.ai received FedRAMP authorization, enabling it to sell its wares to federal agencies. It also announced in February that it saw 101% year-on-year revenue growth and exceeded 150% of its Q4 pipeline targets, without sharing specific numbers.