Level: Tehnical

Abstract:
The focus of this presentation is the not so distant future. We are about to witness the death and rebirth of penetration testing, where the typical pentester shifts from a manual worker to a tool user, and finally to an “operator mode.” We saw pentesting emerge as a mostly manual discipline, then tools took over, and now we are entering a new era.
In this talk, I will demonstrate a “light” version of an AI agent. It doesn’t have every complex component of a full agent, but it has enough logic to do real pentesting jobs. I will show this software performing fully automated Linux privilege escalation. Then, we will use the same concept to automate OSINT tasks.
This might not sound like a huge innovation, since automation tools have existed for years. However, when you apply this concept to new problems and introduce an orchestrator, you get “hacking at scale.” This sounds optimistic, but it is already reality. The recent paper from Anthropic about “AI-orchestrated cyber espionage campaigns” shows that threat actors are already using this at scale. The bad guys are shifting to “Pentest Operator” mode. In this presentation, I will explain why this transition is inevitable and show you how it works in practice.

Technical Breakdown & Demos:
Agent Architecture: A look at the “light” agent logic and how it parses command output to make autonomous decisions without human input.
Auto-Privesc (Demo): The agent is dropped into a low-privilege Linux environment. We will watch it enumerate SUID binaries, kernel versions, and misconfigurations, select an exploit, and execute it to gain root.
Cognitive OSINT (Demo): Moving beyond scraping, the agent analyzes data and provides a nice report.
The Orchestrator: How these individual agents can be managed in a swarm to cover massive infrastructure simultaneously.

Bio:
Danijel Grah has over ten years of experience in cybersecurity. He began his career as a consultant before transitioning into research and later joined NIL (part of Conscia Group) as a Cyber Security Analyst in the Security Operations Center (SOC)/MDR. He eventually returned to Offensive Security and now serves as a Technical Lead. Danijel brings extensive expertise in penetration testing, security hardening, programming, consulting, and the development of cyber defense systems. He has published and presented research at various international information security conferences and has confirmed his knowledge and experience with industry certificates, such as GRID, GCFR and CRTO.

Posted on Friday, February 27th, 2026 at 12:07 pm in talks | rss feed for comments| Responses are currently closed, but you can trackback from your own site.