#pentesting

usd AG<p>We have found an interesting vulnerability in a <a href="https://infosec.exchange/tags/Matrix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Matrix</span></a> <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> client:</p><p>🧩 Software: <a href="https://infosec.exchange/tags/Element" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Element</span></a> X Android<br>📦 Affected Version: &lt;= 25.04.1<br>🆔 CVE: CVE-2025-27599<br>📊 CVSSv3.1: MEDIUM<br>⚠️ Prerequisites: Clicking on a crafted hyperlink or using a malicious app</p><p>Since Element X Android usually has the permission to access camera and microphone, this can be used to record audio and video from the victim. Pretty bad! 😨</p><p>🔗 Read more: <a href="https://herolab.usd.de/security-advisories/usd-2025-0010/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">herolab.usd.de/security-adviso</span><span class="invisible">ries/usd-2025-0010/</span></a></p><p><a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE_2025_27599" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE_2025_27599</span></a> <a 
href="https://infosec.exchange/tags/SpyWare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SpyWare</span></a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Phishing</span></a></p>
Karl Voit :emacs: :orgmode:<p>Who says that <a href="https://graz.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AI</span></a> isn't helping people in real-life situations?</p><p>Consider yourself a bad <a href="https://graz.social/tags/hacker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacker</span></a>, breaking into a company <a href="https://graz.social/tags/SharePoint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SharePoint</span></a> server. With <a href="https://graz.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://graz.social/tags/CoPilot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CoPilot</span></a>, you're able to determine recent <a href="https://graz.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> reports, plain text <a href="https://graz.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> and other crucial information for your attack right away. As if you get direct help from an insider. Amazing.</p><p>If you find an interesting sensitive file you don't have reading permission for, you can ask CoPilot to show it to you, overriding all the <a href="https://graz.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> permission measures. Even better: this is not even logged as a file access. No need to clean up afterward.</p><p>Exactly the software you will need for your work. <a href="https://graz.social/tags/Pentester" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentester</span></a> and attackers could not have asked for a better tool. 
Your victims will pay for this handy service themselves. Great to get that kind of important support from Microsoft. 😉 </p><p>Read about that on: <a href="https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">pentestpartners.com/security-b</span><span class="invisible">log/exploiting-copilot-ai-for-sharepoint/</span></a></p><p><a href="https://graz.social/tags/LLM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LLM</span></a> <a href="https://graz.social/tags/fail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fail</span></a> <a href="https://graz.social/tags/backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoor</span></a> <a href="https://graz.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
CybersecKyle<p>Pentest a Meta Quest 2.</p><p>Quest Accepted: Setting Up a Pentesting Environment for the Meta Quest 2 <a href="https://blog.securityinnovation.com/setting-up-a-pentesting-environment-for-the-meta-quest-2" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.securityinnovation.com/se</span><span class="invisible">tting-up-a-pentesting-environment-for-the-meta-quest-2</span></a></p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Mike Sheward<p>Mini Pen Test Diaries Story:</p><p>During the open source enumeration phase of an external footprint test, I found a virtual machine that bore the name of the client in its NetBIOS response in Shodan.</p><p>Connecting to the machine over HTTP, I found a web app that was very relevant to the industry of the client - so I knew it was likely related.</p><p>The strange thing, however, was that Shodan was telling me NetBIOS and SMB were open (that’s how I found the machine in the first place), but I was unable to connect to it over SMB. Port scan showed closed.</p><p>I needed to figure out why Shodan was telling me one thing, but my reality was different.</p><p>The machine was hosted in Azure, so I figured I’d try rerunning my port scan from a source IP in my own Azure account, to see if I’d get a different result.</p><p>Sure enough, SMB was open when scanned from an Azure machine. They’d opened it up to any IP in Azure. No auth. Just an open file share accessible to anyone who was connecting to it from an Azure public source IP.</p><p>I reported it, and it turned out that the machine was hosted by a vendor on behalf of the client.</p><p>The vendor was insistent that my description of “public access to SMB share” was wrong, since technically it wasn’t open to the internet - just to Azure.</p><p>I then pointed out that hey, Azure is a famous example of a “public” cloud for a reason.</p><p>They fixed it.</p><p>Lesson: always try from different perspectives - such as from within the same provider’s IP space, you might find what I found.</p><p>For more, slightly less mini stories like this one, check out <a href="https://infosecdiaries.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">infosecdiaries.com</span><span class="invisible"></span></a> </p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>WinPwn simplifies internal Windows penetration testing by automating reconnaissance and exploitation through PowerShell. Features include domain recon, privilege escalation, Kerberoasting, UAC bypasses, and proxy-aware scripting. Also works offline with `Offline_Winpwn.ps1`. <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/S3cur3Th1sSh1t/WinPwn" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/S3cur3Th1sSh1t/WinP</span><span class="invisible">wn</span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a 
href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
0x40k<p>Alright, let's talk Security Advisories for a sec. Seriously, who can actually keep track of *all* of them anymore? 😵‍💫 Between CISA alerts, vendor pages, and the chaos on Twitter... it feels like a never-ending copy-paste nightmare sometimes.</p><p>Sure, automation sounds like a neat fix. You hear about tools like Tines, CrowdStrike, ServiceNow, and they definitely seem slick. But here's the kicker: we absolutely *cannot* forget the human element! ☝️ Let's be real, no fancy tool is ever going to completely replace the intuition and experience of a seasoned security analyst.</p><p>Speaking from my own experience as a pentester, here's how I see it: you've *got* to nail down your processes first. Only *then* should you even think about automating parts of it. Otherwise? You're just setting yourself up for automated chaos, plain and simple. 🤷‍♂️</p><p>So, that brings up the whole Low-Code/No-Code thing in the security space... Is it a game-changer or just asking for trouble? What's your take on it? 🤔</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/automation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>automation</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
nickbearded<p>Big news in the <a href="https://mastodon.social/tags/BashCore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BashCore</span></a> project: introducing <a href="https://mastodon.social/tags/BashCoreLX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BashCoreLX</span></a> — the same minimal, powerful BashCore, now with a lightweight <a href="https://mastodon.social/tags/LXDE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LXDE</span></a> graphical interface!<br>Tested on my old machine: just 300MB RAM on boot.<br>Hoping to release a public ISO soon using live-build!</p><p>It’ll include all BashCore tools +<br><a href="https://mastodon.social/tags/Wireshark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wireshark</span></a> <a href="https://mastodon.social/tags/OWASPZAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OWASPZAP</span></a> <a href="https://mastodon.social/tags/BurpSuite" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BurpSuite</span></a> <a href="https://mastodon.social/tags/FernWiFiCracker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FernWiFiCracker</span></a> <a href="https://mastodon.social/tags/FirefoxESR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FirefoxESR</span></a> <a href="https://mastodon.social/tags/Netsurf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Netsurf</span></a></p><p><a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a 
href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/LightweightLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LightweightLinux</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/LiveISO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LiveISO</span></a></p>
halil deniz<p>Get All Three Books: Scapy, Advanced Python, and Ethical Hacking!<br><a href="https://buymeacoffee.com/halildeniz/e/317973" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">buymeacoffee.com/halildeniz/e/</span><span class="invisible">317973</span></a></p><p><a href="https://mastodon.social/tags/scapy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scapy</span></a> <a href="https://mastodon.social/tags/networksecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networksecurity</span></a> <a href="https://mastodon.social/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ethicalhacking</span></a> <a href="https://mastodon.social/tags/books" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>books</span></a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://mastodon.social/tags/scapynetwork" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>scapynetwork</span></a></p>
Mike Sheward<p>Independent Bookstore Day - happy that all of my books are available on Bookshop.org, which supports local bookstores, thus:</p><p> <a href="https://bookshop.org/contributors/mike-sheward" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">bookshop.org/contributors/mike</span><span class="invisible">-sheward</span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/independentbookstoreday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>independentbookstoreday</span></a></p>
13reak :fedora:<p>Most organizations do not have multi-factor authentication (MFA) enabled for their Azure service principals.</p><p>Why? </p><p>You need a special license <strong>for every single application</strong> you want to enable MFA for.</p><p><a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloud</span></a> <a href="https://infosec.exchange/tags/azure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>azure</span></a> <a href="https://infosec.exchange/tags/knowledgedrop" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>knowledgedrop</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
Maronno Winchester<p><a href="https://bird.makeup/users/hackinarticles/statuses/1913503450748621152" rel="nofollow noopener noreferrer" target="_blank">bird.makeup/users/hackin...</a> Pic of the Day <a class="hashtag" href="https://bsky.app/search?q=%23infosec" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a class="hashtag" href="https://bsky.app/search?q=%23cybersecurity" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a class="hashtag" href="https://bsky.app/search?q=%23cybersecuritytips" rel="nofollow noopener noreferrer" target="_blank">#cybersecuritytips</a> <a class="hashtag" href="https://bsky.app/search?q=%23pentesting" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a class="hashtag" href="https://bsky.app/search?q=%23cybersecurityawareness" rel="nofollow noopener noreferrer" target="_blank">#cybersecurityawareness</a> <a class="hashtag" href="https://bsky.app/search?q=%23informationsecurity" rel="nofollow noopener noreferrer" target="_blank">#informationsecurity</a></p>
Vasileiadis A. (Cyberkid)<p>SQL Injection (SQLi) 💉 – Everything You Need to Know</p><p>What is SQL Injection?<br>SQL Injection is a code injection technique that allows attackers to interfere with the queries an application makes to its database.</p><p>Types of SQLi:</p><p>1. In-band SQLi – Most common and easy to exploit.</p><p>2. Blind SQLi – Data isn’t visibly returned but can still be extracted through inference.</p><p>3. Out-of-band SQLi – Uses external servers to get results (less common but powerful).</p><p>4. Time-Based Blind SQLi – Server delay used to infer info from the database.</p><p>Attack Scenarios:<br>▫️Bypassing logins<br>▫️Dumping database contents<br>▫️Modifying or deleting data<br>▫️Escalating privileges<br>▫️Accessing admin panels</p><p>Common SQLi Targets:<br>🔹Login forms<br>🔹Search boxes<br>🔹URL parameters<br>🔹Cookies<br>🔹Contact or feedback forms</p><p>How to Prevent SQLi:<br>▪️Use parameterized queries<br>▪️Employ ORM frameworks<br>▪️Sanitize all user inputs<br>▪️Set least privilege for DB users<br>▪️Use Web Application Firewalls (WAF)</p><p>♦️Red Team Tip<br>Test all user input points, especially where data touches the database. 
Think beyond login forms—SQLi hides in unexpected places.</p><p>🔖Hashtags:<br><a href="https://defcon.social/tags/SQLInjection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SQLInjection</span></a> <a href="https://defcon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://defcon.social/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EthicalHacking</span></a> <a href="https://defcon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://defcon.social/tags/WebSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebSecurity</span></a> <a href="https://defcon.social/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a> <a href="https://defcon.social/tags/BugBounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BugBounty</span></a> <a href="https://defcon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a></p><p>⚠️Disclaimer:<br>This content is for educational purposes only. Always perform security testing with explicit permission. Unauthorized testing is illegal and unethical.</p>
dan<p>Come join my team: Target is hiring for a Senior AppSec Pentester. Message me if you want to know what the role/team is like. Lots of benefits, plenty of time for training. Must be close-ish to Brooklyn Park, MN.</p><p><a href="https://target.wd5.myworkdayjobs.com/targetcareers/job/7000-Target-Pkwy-NNCD-0375-Brooklyn-ParkMN-55445/Senior-Cybersecurity-Engineer---Penetration-Tester_R0000388874" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">target.wd5.myworkdayjobs.com/t</span><span class="invisible">argetcareers/job/7000-Target-Pkwy-NNCD-0375-Brooklyn-ParkMN-55445/Senior-Cybersecurity-Engineer---Penetration-Tester_R0000388874</span></a></p><p><a href="https://infosec.exchange/tags/hiring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hiring</span></a> <a href="https://infosec.exchange/tags/fedijobs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedijobs</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/infosecjobs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosecjobs</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>SecLists is a powerful resource for security testing. It consolidates usernames, passwords, payloads, sensitive patterns, and more into one repository. Essential for pen testers and bug hunters. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PenTesting</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/danielmiessler/SecLists" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/danielmiessler/SecL</span><span class="invisible">ists</span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>Active Directory Certificate Services (AD CS) can be a goldmine if misconfigured. Tools like Certipy simplify enumeration and abuse, leveraging techniques like Shadow Credentials, Golden Certificates, and domain escalation paths (ESC1-ESC11). <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a> </p><p>Certipy's `shadow` command exemplifies ADCS weaknesses. By manipulating `msDS-KeyCredentialLink`, you can take over accounts via PKINIT. It's seamless but devastating for privilege escalation. <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/ActiveDirectory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ActiveDirectory</span></a> </p><p>Golden Certificates mimic Golden Tickets but target ADCS. Using a compromised CA private key, an attacker can forge certs for domain controllers or users. Certipy automates this process—caution with CA backups. 
<a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PKI</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/ly4k/Certipy" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/ly4k/Certipy</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
0x40k<p>Man, this whole AI hype train... Yeah, sure, the tools are definitely getting sharper and faster, no doubt about it. But an AI pulling off a *real* pentest? Seriously doubt that's happening anytime soon. Let's be real: automated scans are useful, but they just aren't the same beast as a genuine penetration test.</p><p>Honestly, I think security needs to be woven right into the fabric of a company from the get-go. It can't just be an afterthought you tack on when alarms are already blaring.</p><p>Now, don't get me wrong, AI definitely brings its own set of dangers – disinformation is a big one that springs to mind. But here's the thing: we absolutely *have* to get our heads around these tools and figure them out. If we don't keep pace, we risk becoming irrelevant pretty quick.</p><p>So, curious to hear what you all think – where do the greatest pitfalls lie with AI in the security field? What keeps you up at night?</p><p><a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AISecurity</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/OffensiveSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OffensiveSecurity</span></a></p>
ked :3<p>to any and all <a href="https://freeradical.zone/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> and <a href="https://freeradical.zone/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> professionals, do you have any tips you could share about business-speak? more specifically, how do you translate to a business unrelated to our field the importance of our work?</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@HonkHase" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>HonkHase</span></a></span> yes, the <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a> of those <a href="https://infosec.space/tags/KRITIS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KRITIS</span></a> is practically nonexistent.</p><ul><li>And no, I will not go into details.</li></ul><p>Just this much: nobody who is authorized to do so is paying me for <a href="https://infosec.space/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a>!</p>
0x40k<p>Yo, IT-Sec crowd! ✌️</p><p>Anyone else noticing how *everyone* seems to be talking about AI-powered security tools these days? Yeah, it's everywhere. But let's be real for a sec – are they *truly* as amazing as the hype suggests? 🤔</p><p>I mean, okay, AI can definitely be useful for spotting anomalies and patterns, no doubt about that. But here's a thought: what happens if the AI itself gets compromised? Or what about when it starts churning out false alarms simply because it doesn't *really* grasp the situation? 🤖</p><p>Honestly, I've got my reservations. While automation is certainly nice to have, I'm convinced a skilled pentester, you know, one with actual brainpower and a strategic approach, still outsmarts any AI – at least for the time being. 😎 And look, if AI eventually *does* get significantly better, well, that just means it's time for us to add another skill to our toolkit. 🤷‍♂️</p><p>So, what's your perspective on this? Do you see AI completely taking over the pentesting scene, or is that human touch going to remain irreplaceable? 🔥 Let the debate begin!</p><p><a href="https://infosec.exchange/tags/AISecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AISecurity</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hacking</span></a></p>
nickbearded<p>BashCore 2504 is here.</p><p>Minimal boot, automatic login, Debian 12, kernel 6.1. No distractions, no GUI. Just raw power and full control — the BashCore way.</p><p>user@bashcore:~$</p><p>Get it now at <a href="https://bashcore.org" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bashcore.org</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/bashcore" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bashcore</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>debian</span></a> <a href="https://mastodon.social/tags/minimalism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>minimalism</span></a> <a href="https://mastodon.social/tags/cli" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cli</span></a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/liveos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>liveos</span></a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a></p>