shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

#pentest

Alex
A friend is looking for an ICS pentesting gig in the UK. He has lots of experience in maritime, power, water, gas OT & SCADA.

He's also excellent on internal inf / red team especially when there's an OT element to the org and you need a safe pair of hands.

If you have any leads please message me and I'll hook you up.

#pentest #FediHire

Jack Rendor
Hi everyone! I recently released 3 blog posts!
All of them are writeups on CTFs where I make some scripts and tools in bash and golang!

I'll leave you the links to the blog posts, and if you have any suggestions or want to interact with me, don't hesitate to comment or DM me!

I hope you all can enjoy reading them!

https://blog.jackrendor.dev/posts/tryhackme-securityfootage/
https://blog.jackrendor.dev/posts/tryhackme-bugged/
https://blog.jackrendor.dev/posts/tryhackme-eavesdropper/

#pentest #penetrationtest #infosec #informationsecurity #redteam #cybersecurity #bash #golang

LMG Security
Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.

748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.

Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network

Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.

Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.

Need help testing your network for exploitable print devices? Contact us and our pentest team can help!

Read the Dark Reading article for more details on the Brother Printers vulnerability: https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug

#CyberSecurity #PenetrationTesting #Pentest #Pentesting #PrinterSecurity #BrotherPrinters #CVE202451978 #Infosec #IT #SMB #CISO #Cyberaware #DFIR #ITSecurity #ZeroTrust #PatchNow #Pentest

r1cksec
How Mouse Without Borders can be used for lateral movement and data exfiltration 🕵️‍♂️

https://0xsultan.github.io/dfir/Exfiltrate-Without-Borders

#infosec #cybersecurity #pentest #redteam

Yogthos
LLM as Hackers: Autonomous Linux Privilege Escalation Attacks with AI Agents.

https://arxiv.org/pdf/2310.11409v4

#pentest #hacking #Linux #AI #LLM

r1cksec
A post about malware development essentials and myths 🕵️‍♂️

https://blog.deeb.ch/posts/maldev-myths

#infosec #cybersecurity #pentest #redteam #malware

r1cksec
A post about how to bypass Microsoft Defender for Identity (MDI) by adjusting ciphers in Certipy's PKINIT requests 🕵️‍♂️

https://research.aurainfosec.io/pentest/modifying-certipy-to-evade-mdi-pkinit-detection/

#infosec #cybersecurity #redteam #pentest

Ciarán McNally
How do people feel about reissuing a pentest report with all your good findings removed (post retest/remediation)?

I hate the idea my reports could be shown to third parties, minus all the good critical/high findings.
#security #pentest

LMG Security
AI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney @baybedoll shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.

From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.

Read now: https://www.lmgsecurity.com/are-your-ai-backed-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/

#CyberSecurity #PromptInjection #AIsecurity #WebAppSecurity #PenetrationTesting #LLMvulnerabilities #Pentest #DFIR #AI #CISO #Pentesting #Infosec #ITsecurity

0x40k
So, a client hit me with this today: "We've got tons of security tools, so we *must* be safe, right?" My face: 😅 If only it were that simple...

Here's a wild stat for you: a staggering 61% of companies have been breached, even though they're juggling an average of 43 security tools. This just goes to show, piling on more tools doesn't automatically boost your security. What's the real game-changer? It's all in the **configuration!**

As a pentester, I see this scenario play out constantly. Businesses will pour money into the latest and greatest tools, but then the foundational stuff? Often overlooked. Seriously, getting regular pentests (and I'm talking thorough ones, not just some automated scans!) is absolutely vital. Plus, "Security by Design" isn't just a trendy phrase; it’s a mindset you actually have to live and breathe.

Over to you: what are the most common security tool configuration blunders you've come across? And on the flip side, which tools are your saviors for getting things optimized? Let's hear it!

#Security #Pentest #Fail #InfoSec

0x40k
IoT devices turned into DDoS slaves? 🤖 Sounds wild, right? But it's totally true! Think GeoVision, Samsung... and that's just scratching the surface, really. Those End-of-Life devices? They're practically a free-for-all for botnet operators. Mirai sends its regards! 😈

So, what's the big deal? Well, IoT gadgets often have lousy security, and updates? Forget about 'em! Automated scans? They barely scratch the surface. If you want real security, you gotta go for manual pentests. ☝️

Alright, so what can you actually do? Update 'em (if that's even an option!), segment your network, and keep an eye on things with monitoring! An unpatched device? That's a ticking time bomb, plain and simple. 💣 And hey, don't forget: vendor security claims are often just a load of marketing fluff! 😬

Which "smart" devices with known weak spots are hiding out on your network? Have you even checked lately? 👇

#IoT #Security #Pentest #DDoS #InfoSec

0x40k
Yikes, just stumbled upon some news about new Go modules floating around GitHub that can seriously wreck Linux systems!

So, here’s the scoop: Three particularly nasty Go modules have been spotted. When executed, they're designed to completely trash the system. How? Basically, they use obfuscated code to fetch a payload, and *that* payload proceeds to overwrite `/dev/sda` (your primary hard drive!) with zeros. Poof! Your data is gone. Keep an eye out for these repos: `github[.]com/truthfulpharm/prototransform`, `github[.]com/blankloggia/go-mcp`, and `github[.]com/steelpoor/tlsproxy`.

The really scary part? This is a stark reminder of how supply-chain attacks can turn even code you *think* you trust into a major threat.

And honestly, this isn't an isolated incident. Think about those malicious npm packages caught stealing crypto keys, or PyPI packages abusing Gmail for data exfiltration. Unfortunately, the list goes on.

What steps can you take?
* **Always** double-check package authenticity. Look into the publisher's history and verify GitHub links.
* Make it a habit to regularly review your dependencies. What are you *really* pulling into your project?
* Implement strict access controls, especially for private keys. Don't make it easy for attackers.
* Keep tabs on unusual outbound network connections, *particularly* SMTP traffic.
* Don't just blindly trust a package because it's been around for a while. Age isn't always a guarantee of safety.

Speaking as a pentester, these supply-chain attacks are genuinely tricky and folks often underestimate the danger. Sure, automated scans can catch some things, but nothing beats staying vigilant and truly understanding the risks involved. I see it all the time – clients sometimes get a false sense of security just because something is "open source."

Have you encountered anything similar? What tools or strategies are you using to lock down your supply chain? Drop your thoughts below!

#Cybersecurity #SupplyChainSecurity #Linux #GoLang #Pentest

Mike Sheward
Mini Pen Test Diaries Story:

During the open source enumeration phase of an external footprint test, I found a virtual machine that bore the name of the client in its NetBIOS response in Shodan.

Connecting to the machine over HTTP, I found a web app that was very relevant to the industry of the client - so I knew it was likely related.

The strange thing, however, was that Shodan was telling me NetBIOS and SMB were open (that’s how I found the machine in the first place), but I was unable to connect to it over SMB. Port scan showed closed.

I needed to figure out why Shodan was telling me one thing, but my reality was different.

The machine was hosted in Azure, so I figured I’d try rerunning my port scan from a source IP in my own Azure account, to see if I’d get a different result.

Sure enough, SMB was open when scanned from an Azure machine. They’d opened it up to any IP in Azure. No auth. Just an open file share accessible to anyone who was connecting to it from an Azure public source IP.

I reported it, and it turned out that the machine was hosted by a vendor on behalf of the client.

The vendor was insistent that my description of “public access to SMB share” was wrong, since technically it wasn’t open to the internet - just to Azure.

I then pointed out that hey, Azure is a famous example of a “public” cloud for a reason.

They fixed it.

Lesson: always try from different perspectives - such as from within the same provider's IP space; you might find what I found.

For more, slightly less mini stories like this one, check out https://infosecdiaries.com

#infosec #pentest #pentesting

Will Hunt
Top #hashcat tip:

Want per-position duplication in your rules to leverage your GPU?

It's not available in a single op, but you can emulate it by incrementally duplicating the first N chars, and then incrementally deleting the position and frequency of the redundant characters

#password #passwordcracking #pentest #redteam

0x40k
Whoa, check this out! 🤯 A million devices infected via malvertising! Seriously scary stuff. You know, those illegal streaming sites? Total playground for cybercriminals.

Malvertising is a real nasty piece of work, isn't it? They sneak malware in through ads. Gotta remember: even "free" stuff comes with a cost, right?

This Lumma Stealer thing grabs your passwords, and these RATs (Remote Access Trojans) let them control your system remotely. And get this – they're abusing GitHub to host the malware. Ugh. 😒

It actually reminds me of a pentest we did where we almost missed an attack chain just like this. You really gotta stay vigilant! ☝️

So, what does it mean for you? Well, a firewall's great, but it's not a magic bullet. Double-check your downloads, and be super skeptical of any links.

Microsoft's calling these guys "Storm-0408." Apparently, they're using PowerShell, messing with Defender, and even faking AI chatbot sites! 🤖 Sneaky!

Bottom line: steer clear of those shady streaming sites. Be wary of links! Keep your antivirus updated. Keep an eye on PowerShell. And most importantly: run regular pentests! 🔒

Ever had a run-in with malvertising? How do *you* stay safe? 🤔 Share your tips!

#infosec #malware #pentest

0x40k
Hey Android folks, listen up! 👀 Google just dropped a crucial security update that you seriously need to check out. It might just be relevant to your phone. Word on the street is, two of the patched vulnerabilities are already being exploited in the wild. Crazy, right? 😬

This reminds me of those chats I have with clients: "So, Android's secure, yeah?" Well... Privilege Escalation basically means an attacker can snag more permissions on your device. In short: hackers can potentially grab your data! 😱

They've squashed a whopping 44 vulnerabilities in this March update. CVE-2024-43093 & CVE-2024-50302 are seriously critical. Apparently, CVE-2024-50302 was even leveraged by Cellebrite to get into an activist's phone. Wild stuff! 😳

Go ahead and check your Android version and smash that update button ASAP (look for 2025-03-01 or 2025-03-05)! Also, be extra careful with apps from sources you don't know. Regular security checks are a must, even on your smartphone.

Have you already installed the update? Any thoughts or experiences with Android security? 🤔

#AndroidSecurity #infosec #pentest

Shawn Hooper (he/him)
Looking for a good Canadian pen tester for a web application. Specifically one who bills in CAD.

Any recommendations?

#appsec #pentest #canada

d33p.js
Done, but... just out of curiosity.

Should pentesters clean up after themselves?

Like, delete all accounts (they may have created) or remove e-mail forwarders from printers and other systems?

Please retoot to reach more people.

#security #pentest #pentester #fedihelp #redteam

ReynardSec
How AI sees the work of an Ethical Hacker 🤔 There isn't much room left, I understand this is some kind of suggestion to not leave work? 😅

#ai #sora #hacking #pentest #infosec

Tanya Janca | SheHacksPurple
Hey everyone! 🎵 Need a good laugh? Check out my hilarious new music video, PenTest (no, no, no), a fun spin on Amy Winehouse's 'Rehab'! 🤣 Tell me if you get the inside jokes!
💥 #WatchNow #PleaseShare #PenTest

https://www.youtube.com/watch?v=NmZcL8CBHeA