shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.


#pentesting

SPARK42AI Agents in Penetration Testing
DEF CON<p>All signs point to <a href="https://defcon.social/tags/DEFCONTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DEFCONTraining</span></a> Las Vegas 2025…</p><p>Think you have what it takes? If you recognize qrspba, unpxre, or onqtryvsr then follow the trail to Z2VudmF2YXQucXJzcGJhLmJldAo= to learn more. There’s still time to sign up!</p><p><a href="https://defcon.social/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon</span></a> <a href="https://defcon.social/tags/defcon33" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon33</span></a> <a href="https://defcon.social/tags/cybertraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybertraining</span></a> <a href="https://defcon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://defcon.social/tags/cyberdefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberdefense</span></a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://defcon.social/tags/IoT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IoT</span></a> <a href="https://defcon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://defcon.social/tags/training" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>training</span></a></p>
dan_nanni<p>A reverse shell is a stealthy connection that lets an attacker remotely control a target system by having it initiate the connection, often bypassing firewalls to run commands and exploit weaknesses</p><p>Here is how a reverse shell works 😎👇 <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p><p>Find high-res pdf books with all my <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> related infographics at <a href="https://study-notes.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">study-notes.org</span><span class="invisible"></span></a></p>
DEF CON<p>🚨 Swag alert! 🚨 </p><p>Final preparations are underway for <a href="https://defcon.social/tags/DEFCONTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DEFCONTraining</span></a> Las Vegas 2025! Take a look below for a sneak preview of this year’s training swag, provided exclusively to students and instructors.</p><p>It’s not too late to sign up. Browse the course offerings and secure your spot today: <a href="https://training.defcon.org/collections/def-con-training-las-vegas-2025" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">training.defcon.org/collection</span><span class="invisible">s/def-con-training-las-vegas-2025</span></a> </p><p><a href="https://defcon.social/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon</span></a> <a href="https://defcon.social/tags/defcon33" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon33</span></a> <a href="https://defcon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://defcon.social/tags/cybertraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybertraining</span></a> <a href="https://defcon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://defcon.social/tags/offensivecyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>offensivecyber</span></a> <a href="https://defcon.social/tags/cyberdefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberdefense</span></a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://defcon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>AI</span></a></p>
Bill<p>A benefit to having a business major who is trained in application development do your vulnerability assessment is that we tend to take things like marketing and vision into account when doing the test. Sometimes, perceptions are an extremely important part of results, and how an attacker will approach a site is driven by those perceptions. </p><p>If you are not a business major, quick tip: Spend 30 minutes doing deep searches on the company name, the owner's names, the type of business they're in, and any unique phrases so that you get an idea of what people are saying. Use a tool. Get a subscription to the Wall Street Journal or FT. Dig through their databases. Hit the Wayback Machine. </p><p>Look on TOR! Set up a couple of accounts on some of the forums on there (obviously don't connect them to your real identity). Do searches before a test - just see what people are saying. Sometimes it's a big deal.</p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a></p>
SecBurg<p>Humble Tech Book Bundle: The Pentesting &amp; Hacking Toolkit by Packt</p><p><a href="https://secburg.com/posts/humble-tech-book-bundle-pentesting-hacking-toolkit-by-packt/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">secburg.com/posts/humble-tech-</span><span class="invisible">book-bundle-pentesting-hacking-toolkit-by-packt/</span></a></p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/books" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>books</span></a> <a href="https://infosec.exchange/tags/bundle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bundle</span></a></p>
Jay Townsend<p>New theHarvester has been released on GitHub. Have fun and report back <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p>
LMG Security<p>Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.</p><p>748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.</p><p>Attackers can:<br>• Gain unauthenticated admin access<br>• Pivot to full remote code execution<br>• Exfiltrate credentials for LDAP, FTP, and more<br>• Move laterally through your network</p><p>Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.</p><p>Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.</p><p>Need help testing your network for exploitable print devices? 
Contact us and our pentest team can help!</p><p>Read the Dark Reading article for more details on the Brother Printers vulnerability: <a href="https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">darkreading.com/endpoint-secur</span><span class="invisible">ity/millions-brother-printers-critical-unpatchable-bug</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenetrationTesting</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/PrinterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrinterSecurity</span></a> <a href="https://infosec.exchange/tags/BrotherPrinters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BrotherPrinters</span></a> <a href="https://infosec.exchange/tags/CVE202451978" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE202451978</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMB</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberaware</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroTrust</span></a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PatchNow</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a></p>
OrangeCon<p>Watch Brenno De Winter’s talk from OrangeCon 2024 on making penetration tests auditable again.<br>Watch here: <a href="https://www.youtube.com/watch?v=Rv0otVFKrkk" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=Rv0otVFKrkk</span><span class="invisible"></span></a> <br><a href="https://infosec.exchange/tags/OrangeCon2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OrangeCon2024</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a></p>
🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸<p>Someone should make a circuit board that fits in an original <a href="https://mastodon.social/tags/tamagotchi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tamagotchi</span></a> shell and upgrades the screen and CPU so that it can do a lot of extra stuff; <a href="https://mastodon.social/tags/gps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gps</span></a> location tracking, <a href="https://mastodon.social/tags/meshtastic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meshtastic</span></a> node, <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> and <a href="https://mastodon.social/tags/radio" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>radio</span></a> <a href="https://mastodon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> like a <a href="https://mastodon.social/tags/flipperZero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>flipperZero</span></a>, etc. Maybe some <a href="https://mastodon.social/tags/arm" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>arm</span></a> <a href="https://mastodon.social/tags/soc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>soc</span></a> like a <a href="https://mastodon.social/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspberryPi</span></a>, or <a href="https://mastodon.social/tags/Rockchip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rockchip</span></a>, or maybe just a little <a href="https://mastodon.social/tags/ESP32" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ESP32</span></a>. 
Maybe just cram a <a href="https://mastodon.social/tags/Pebble" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pebble</span></a> watch in there or something.</p><p><a href="https://mastodon.social/tags/hardware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hardware</span></a> <a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>technology</span></a> <a href="https://mastodon.social/tags/virtualPet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>virtualPet</span></a></p>
Biohacking Village<p>DEF CON Training 2025<br>📅 August 9–12, 2025 | 4-Day Training</p><p>Join Michael Aguilar <a href="https://mastodon.social/tags/v3ga" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>v3ga</span></a> and Alex Delifer <a href="https://mastodon.social/tags/Cheet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cheet</span></a> for a hands-on course on Medical Device Penetration Testing at <a href="https://mastodon.social/tags/DEFCON33" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DEFCON33</span></a> <span class="h-card" translate="no"><a href="https://defcon.social/@defcon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>defcon</span></a></span> </p><p>Learn more and sign up: <a href="https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/michael-aguilar-v3ga-alex-delifer-cheet-medical-device-penetration-testing-dctlv2025-4-day-training" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">training.defcon.org/collection</span><span class="invisible">s/def-con-training-las-vegas-2025/products/michael-aguilar-v3ga-alex-delifer-cheet-medical-device-penetration-testing-dctlv2025-4-day-training</span></a></p><p><a href="https://mastodon.social/tags/Biohackingvillage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Biohackingvillage</span></a> <a href="https://mastodon.social/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTesting</span></a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://mastodon.social/tags/hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hackers</span></a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>Hacking</span></a> <a href="https://mastodon.social/tags/workshop" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>workshop</span></a> <a href="https://mastodon.social/tags/DEFCON" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DEFCON</span></a></p>
Bill<p>Context poisoning is the new hawtness in AI chatbot testing.</p><p><a href="https://neuraltrust.ai/blog/echo-chamber-context-poisoning-jailbreak" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">neuraltrust.ai/blog/echo-chamb</span><span class="invisible">er-context-poisoning-jailbreak</span></a></p><p><a href="https://infosec.exchange/tags/genai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>genai</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p>
Mike Sheward<p>My previous intro post was a few years old, so behold, new intro post:</p><p>Mike. Live in the Seattle area having grown up in the UK as a full blown British. Have a wife (incredible), child (boy), and three dogs (golden retriever/cream retriever/fuck knows).</p><p>I work in information security, something I have done for about 20 years. By day I run corporate security, enterprise IT and various other bits and pieces for an EV charging startup. I am big into EVs and currently drive one that is not a Tesla. I want an electric motorbike, so if anyone has a spare one please send it.</p><p>I also have a company of my own, Secure Being (<a href="https://securebeing.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">securebeing.com</span><span class="invisible"></span></a>), which does pen testing and digital forensic work - it's my way of staying super hands on while still doing the management bits on the career path.</p><p>I have written books about information security things. Five of them. Two are non-fiction textbooks, and three are fiction based on real world <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> things. Check out <a href="https://infosecdiaries.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">infosecdiaries.com</span><span class="invisible"></span></a> and your local bookstore to find them, just search for my name. I have been trying to write more stuff, but always seem to find myself distracted by other things, such as work. linktr.ee/secureowl has some mini stories I've written.</p><p>I love radio and everything RF. I have lots of antennas and various scanners and radios on my desk. I love intercepting and decoding things, like digital radio protocols.</p><p>I am a big aviation nerd. I always wanted to be a commercial pilot. 
I gained my private pilot's license in the UK at 17, all self funded by my employment at the local Safeway/Morrisons store. I did the sim test and commercial assessments, but for some reason, at 18, I was unable to find the £100k needed to complete the commercial training, so I did computers. But do not worry, because those computers and love of aviation and radio/RF combined, and I run a project called ACARS Drama. <a href="https://acarsdrama.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">acarsdrama.com</span><span class="invisible"></span></a> has all the details.</p><p>I play guitar and am a big guitar/audio nerd as well. I record music under the moniker Operation: Anxiety, <a href="https://operationanxiety.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">operationanxiety.com</span><span class="invisible"></span></a> - the music is on all the normal places. </p><p>Finally, I am a massive fan of motorsport. I believe I have watched every F1 race for the last 30 years, maybe 25. I also follow F2, FE, Indycar and MotoGP closely. I average around 18 hours of Le Mans 24 hour racing watching per year.</p><p>So there you have it. 
If you are looking for a thought leader on the topics mentioned above, you've come to the wrong place - because this is where I shitpost, and shitposting is cheap therapy.</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/acars" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>acars</span></a> <a href="https://infosec.exchange/tags/vdlm2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vdlm2</span></a> <a href="https://infosec.exchange/tags/sdr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sdr</span></a> <a href="https://infosec.exchange/tags/rf" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rf</span></a> <a href="https://infosec.exchange/tags/f1" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>f1</span></a> <a href="https://infosec.exchange/tags/seattle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>seattle</span></a> <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>introduction</span></a></p>
Linux Magazine<p>Linux Magazine 296: Pen Testing is available now! Learn to think like an attacker and find resources to get started with penetration testing. This month's DVD includes <span class="h-card" translate="no"><a href="https://fosstodon.org/@fedora" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>fedora</span></a></span> Workstation 42 Live and <span class="h-card" translate="no"><a href="https://mastodon.social/@ubuntubudgie" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ubuntubudgie</span></a></span> 25.04<br><a href="https://www.linux-magazine.com/Issues/2025/296?utm_source=mlm" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">linux-magazine.com/Issues/2025</span><span class="invisible">/296?utm_source=mlm</span></a><br><a href="https://fosstodon.org/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTesting</span></a> <a href="https://fosstodon.org/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://fosstodon.org/tags/EUOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EUOS</span></a> <a href="https://fosstodon.org/tags/Lomiri" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lomiri</span></a> <a href="https://fosstodon.org/tags/Nushell" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nushell</span></a> <a href="https://fosstodon.org/tags/Ptcpdump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Ptcpdump</span></a> <a href="https://fosstodon.org/tags/Python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Python</span></a> <a href="https://fosstodon.org/tags/deborphan" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>deborphan</span></a> <a href="https://fosstodon.org/tags/KiCad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KiCad</span></a> <a href="https://fosstodon.org/tags/NiceGUI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NiceGUI</span></a> <a href="https://fosstodon.org/tags/FreshRSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreshRSS</span></a></p>
BSidesLuxembourg<p>We're very happy and excited to announce that we've closed the extra last-minute CFP for the <a href="https://infosec.exchange/tags/OffensiveOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OffensiveOps</span></a> Offensive Security Village, which Bourbon Offensive Security Services has sponsored and turned into reality! The village is accompanied by a <a href="https://infosec.exchange/tags/Lockpicking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lockpicking</span></a> village - see more details below.</p><p>This TAKES PLACE on June 18th from 14.00-18.00 on top of the June 19th full day agenda!!</p><p>Talks:<br>1 - Browser Exploitation: From N-Days to Real-World Exploit Chains in Google Chrome - by Arnaud Perrot (aka "petitoto")</p><p>2 - Hacking EV Chargers: Fast Track to Market, Fast Track to Vulnerabilities - by Simon Petitjean</p><p>3 - Targeting pentesters - by Charlie Bromberg (aka "Shutdown") &amp; Mathieu Calemard du Gardin </p><p>4 - Unpacking Azure Initial Access Attack Techniques - by François-Jérôme Daniel &amp; Patrick Mkhael<br> <br>🔓 In parallel we host the “Physical Intrusion &amp; #Lockpicking Village” in the Atrium, permitting you to practice, learn and more! By 🃏 Nicolas Aunay (Joker2a) and Nicolas B.!! 
</p><p>💥 The village will be live during both days of the event 💥 </p><p>👉 Get your ticket here: <a href="https://lnkd.in/edXc3ytn" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">lnkd.in/edXc3ytn</span><span class="invisible"></span></a></p><p>If you’re into <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a>, <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a>, <a href="https://infosec.exchange/tags/adversaryemulation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>adversaryemulation</span></a>, <a href="https://infosec.exchange/tags/physicalintrusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>physicalintrusion</span></a> or you're a student, passionate, or just curious to explore why offense is mandatory for defense — you’ll feel right at home.</p><p>Let’s build something meaningful for the offensive security community in Luxembourg.</p><p><a href="https://infosec.exchange/tags/BSidesLuxembourg2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSidesLuxembourg2025</span></a><br><a href="https://infosec.exchange/tags/OffensiveOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OffensiveOps</span></a> <br> <a href="https://infosec.exchange/tags/OffSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OffSec</span></a> <br><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a><br><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <br><a href="https://infosec.exchange/tags/communitydriven" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>communitydriven</span></a></p>
Maronno Winchester<p>@hackinarticles@bird.makeup 🔗 <a href="https://bird.makeup/users/hackinarticles/statuses/1927627920861774146" rel="nofollow noopener" target="_blank">bird.makeup/users/hackin...</a> - Pic of the Day <a class="hashtag" href="https://bsky.app/search?q=%23infosec" rel="nofollow noopener" target="_blank">#infosec</a> <a class="hashtag" href="https://bsky.app/search?q=%23cybersecurity" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a class="hashtag" href="https://bsky.app/search?q=%23cybersecuritytips" rel="nofollow noopener" target="_blank">#cybersecuritytips</a> <a class="hashtag" href="https://bsky.app/search?q=%23pentesting" rel="nofollow noopener" target="_blank">#pentesting</a> <a class="hashtag" href="https://bsky.app/search?q=%23cybersecurityawareness" rel="nofollow noopener" target="_blank">#cybersecurityawareness</a> <a class="hashtag" href="https://bsky.app/search?q=%23informationsecurity" rel="nofollow noopener" target="_blank">#informationsecurity</a></p>
Julian Oliver<p>An excellent and especially thorough list of bypasses available to just about any bad actor that can reach a shell on a misconfigured UNIX system.</p><p><a href="https://gtfobins.github.io/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gtfobins.github.io/</span><span class="invisible"></span></a></p><p>(Thanks to one of my students, Susana, for sending this in)</p><p><a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p>
LMG Security<p>AI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney <span class="h-card" translate="no"><a href="https://infosec.exchange/@baybedoll" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>baybedoll</span></a></span> shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.</p><p>From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.</p><p>Read now: <a href="https://www.lmgsecurity.com/are-your-ai-backed-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">lmgsecurity.com/are-your-ai-ba</span><span class="invisible">cked-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PromptInjection</span></a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIsecurity</span></a> <a href="https://infosec.exchange/tags/WebAppSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebAppSecurity</span></a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenetrationTesting</span></a> <a href="https://infosec.exchange/tags/LLMvulnerabilities" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>LLMvulnerabilities</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a></p>
CybersecKyle<p>Pentest a Meta Quest 2.</p><p>Quest Accepted: Setting Up a Pentesting Environment for the Meta Quest 2 <a href="https://blog.securityinnovation.com/setting-up-a-pentesting-environment-for-the-meta-quest-2" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.securityinnovation.com/se</span><span class="invisible">tting-up-a-pentesting-environment-for-the-meta-quest-2</span></a></p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Mike Sheward<p>Mini Pen Test Diaries Story:</p><p>During the open source enumeration phase of an external footprint test, I found a virtual machine that bore the name of the client in its NetBIOS response in Shodan.</p><p>Connecting to the machine over HTTP, I found a web app that was very relevant to the industry of the client - so I knew it was likely related.</p><p>The strange thing, however, was that Shodan was telling me NetBIOS and SMB were open (that’s how I found the machine in the first place), but I was unable to connect to it over SMB. Port scan showed closed.</p><p>I needed to figure out why Shodan was telling me one thing, but my reality was different.</p><p>The machine was hosted in Azure, so I figured I’d try rerunning my port scan from a source IP in my own Azure account, to see if I’d get a different result.</p><p>Sure enough, SMB was open when scanned from an Azure machine. They’d opened it up to any IP in Azure. No auth. Just an open file share accessible to anyone who was connecting to it from an Azure public source IP.</p><p>I reported it, and it turned out that the machine was hosted by a vendor on behalf of the client.</p><p>The vendor was insistent that my description of “public access to SMB share” was wrong, since technically it wasn’t open to the internet - just to Azure.</p><p>I then pointed out that hey, Azure is a famous example of a “public” cloud for a reason.</p><p>They fixed it.</p><p>Lesson: always try from different perspectives - such as from within the same provider’s IP space, you might find what I found.</p><p>For more, slightly less mini stories like this one, check out <a href="https://infosecdiaries.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">infosecdiaries.com</span><span class="invisible"></span></a> </p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a 
href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p>