Null Hyderabad - March 2026 Meet

Series: Null Hyderabad · Updated: 2026-03-30

Quick Snapshots From the Meetup

News byte: The March Null Hyderabad meetup opened with a news byte segment that touched on a range of recent threats, incidents, and security themes. Among the items mentioned were the Glassworm attack, the Trivy vulnerability scanner injection issue, and tool references such as Trajan (a CI/CD vulnerability detection and attack automation tool), Hyoketsu (an open-source tool for security researchers), and Server Survival (a tower defense game that teaches cloud architecture).

First talk: Threat intelligence. The first main talk focused on threat intelligence, with a practical lens on how to make sense of threats rather than just collect indicators. A key part of the discussion was the use of the MITRE ATT&CK framework to map adversary behavior in terms of tactics, techniques, and procedures. The talk also distinguished between strategic, tactical, and technical intelligence, helping frame how different kinds of intelligence serve different audiences and purposes. Another concept that stood out was the Pyramid of Pain, a conceptual framework developed by David Bianco in 2013 and used in cybersecurity to categorize indicators of compromise (IOCs).

Second talk: Autonomous attack chains. The second talk moved into the emerging area of autonomous attack chains using LLM-driven pentesting agents. The discussion explored how large language models can be incorporated into offensive security workflows, potentially automating parts of reconnaissance, chaining findings, and assisting with exploitation paths.

Third talk: Threat modelling. The third talk covered threat modelling, bringing attention back from live threats and tooling to more structured security thinking. Different frameworks were referenced for different dimensions of the problem: OCTAVE for thinking through assets and organizational risk, PASTA for attacker-centric analysis, and STRIDE for reasoning about software threats in a systematic way.

Topics That Triggered Further Exploration for Me

Two topics stayed with me and pushed me to explore further after the meetup.

What concerned me was not just the idea of jailbreaks against mainstream models, but the possibility that attackers may bypass that problem entirely by starting with open models that are already permissive, or by fine-tuning capable open-weight models to reduce refusals and improve cyber-task performance. There are now openly discussed cyber-focused models described as uncensored or optimized for offensive security tasks, such as DeepHat.

This led me to a couple of questions:

Is the real danger uncensoredness, or capable cyber fine-tuning plus tool use?
Should defenders track uncensored cyber LLMs the way they track exploit kits or malware-as-a-service trends?

The second topic I kept coming back to was whether there is a clean MITRE ATT&CK mapping for quantum attacks.

Questions worth exploring here include:

Should "quantum attacks" be treated as new ATT&CK techniques, or mostly as amplifiers of existing ones?
Which migration failures are most ATT&CK-like: downgrade, legacy fallback, certificate misuse, or weak crypto discovery?
Can harvest now, decrypt later be operationalized in ATT&CK terms, or is it better handled as a strategic risk outside ATT&CK?
How should defenders map post-quantum transition gaps into detection engineering and threat modeling?