101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl is the oldest Polish Mastodon server. We support posts of up to 2048 characters.

Server stats: 486 active users

#pentest

Parrot Security<p>ParrotOS 6.4 is out now! 🔔</p><p>This release sets the stage for Parrot 7 with upgraded tools, security fixes, and system improvements 🐦💻</p><p>Upgrade via sudo parrot-upgrade or grab a fresh install from the official site 💡</p><p>Click the link down below and read more on the changelog 🔗</p><p><a href="https://parrotsec.org/blog/2025-07-07-parrot-6.4-release-notes" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">parrotsec.org/blog/2025-07-07-</span><span class="invisible">parrot-6.4-release-notes</span></a></p><p><a href="https://mastodon.social/tags/ParrotSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ParrotSec</span></a> <a href="https://mastodon.social/tags/ParrotOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ParrotOS</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/CybersecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersecurityNews</span></a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://mastodon.social/tags/PenTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTest</span></a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/linuxdistro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxdistro</span></a></p>
Jack Rendor<p>Hi everyone! I recently released 3 blog posts! <br>All of them are writeups on CTFs where I make some scripts and tools in bash and golang!</p><p>I'll leave you the link of the blog posts and if you have any suggestions or interact with me, don't hesitate to comment or DM me! </p><p>I hope you all can enjoy reading them!</p><p><a href="https://blog.jackrendor.dev/posts/tryhackme-securityfootage/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.jackrendor.dev/posts/tryh</span><span class="invisible">ackme-securityfootage/</span></a></p><p><a href="https://blog.jackrendor.dev/posts/tryhackme-bugged/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.jackrendor.dev/posts/tryh</span><span class="invisible">ackme-bugged/</span></a></p><p><a href="https://blog.jackrendor.dev/posts/tryhackme-eavesdropper/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.jackrendor.dev/posts/tryh</span><span class="invisible">ackme-eavesdropper/</span></a></p><p><a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/penetrationtest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>penetrationtest</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>informationsecurity</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/bash" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bash</span></a> <a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>golang</span></a></p>
LMG Security<p>Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.</p><p>748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.</p><p>Attackers can:<br>• Gain unauthenticated admin access<br>• Pivot to full remote code execution<br>• Exfiltrate credentials for LDAP, FTP, and more<br>• Move laterally through your network</p><p>Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.</p><p>Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.</p><p>Need help testing your network for exploitable print devices? 
Contact us and our pentest team can help!</p><p>Read the Dark Reading article for more details on the Brother Printers vulnerability: <a href="https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">darkreading.com/endpoint-secur</span><span class="invisible">ity/millions-brother-printers-critical-unpatchable-bug</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenetrationTesting</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/PrinterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrinterSecurity</span></a> <a href="https://infosec.exchange/tags/BrotherPrinters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BrotherPrinters</span></a> <a href="https://infosec.exchange/tags/CVE202451978" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE202451978</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMB</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberaware</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroTrust</span></a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PatchNow</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a></p>
Who Let The Dogs Out 🐾<p>Discover 12 AI Tools to automate your pentest and cybersecurity audits-3 🧠⚔ </p><p><a href="https://mastodon.ml/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> <a href="https://mastodon.ml/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://mastodon.ml/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.ml/tags/audit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>audit</span></a></p><p>11. 📉 Garak (<a href="https://github.com/NVIDIA/garak" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/NVIDIA/garak</span><span class="invisible"></span></a>)<br>NVIDIA’s tool for red-teaming and probing LLMs, designed to test model safety, robustness, and leakage.<br>12. 🧭 Auto Recon LLM (<a href="https://github.com/CyberSecurityUP/auto-recon-llm" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/CyberSecurityUP/aut</span><span class="invisible">o-recon-llm</span></a>)<br>Automates the reconnaissance phase using LLMs to interpret recon output and make tactical decisions.</p>
Who Let The Dogs Out 🐾<p>Discover 12 AI Tools to automate your pentest and cybersecurity audits-2 🧠⚔ </p><p><a href="https://mastodon.ml/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> <a href="https://mastodon.ml/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://mastodon.ml/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.ml/tags/audit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>audit</span></a></p><p>6. 🧩 Nuclei AI Extension (<a href="https://github.com/projectdiscovery/nuclei-ai-extension" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/projectdiscovery/nu</span><span class="invisible">clei-ai-extension</span></a>)<br>Official extension for Nuclei that uses AI to suggest and create new detection templates from HTTP responses.<br>7. 💣 HackGPT (<a href="https://github.com/NoDataFound/hackGPT" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/NoDataFound/hackGPT</span><span class="invisible"></span></a>)<br>A GPT-powered hacking CLI to assist with payload crafting, bypass techniques, and offensive scripting.<br>8. 🛡 AutorizePro (<a href="https://github.com/WuliRuler/AutorizePro" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/WuliRuler/AutorizeP</span><span class="invisible">ro</span></a>)<br>Authorization fuzzing tool with GPT integration to generate smarter test cases and detect access control issues.<br>9. 
☁ CloudGPT (<a href="https://github.com/ustayready/cloudgpt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/ustayready/cloudgpt</span><span class="invisible"></span></a>)<br>Uses GPT to identify misconfigurations and vulnerabilities in cloud environments like AWS, GCP, and Azure.<br>10. 📦 K8sGPT (<a href="https://github.com/k8sgpt-ai/k8sgpt/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/k8sgpt-ai/k8sgpt/</span><span class="invisible"></span></a>)<br>Diagnoses misconfigurations and vulnerabilities in Kubernetes clusters, explained in natural language via LLMs.</p>
Who Let The Dogs Out 🐾<p>Discover 12 AI Tools to automate your pentest and cybersecurity audits-1 🧠⚔ </p><p><a href="https://mastodon.ml/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://mastodon.ml/tags/tool" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tool</span></a> <a href="https://mastodon.ml/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://mastodon.ml/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.ml/tags/audit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>audit</span></a></p><p>1. 🧠 PentestGPT (<a href="https://github.com/GreyDGL/PentestGPT" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/GreyDGL/PentestGPT</span><span class="invisible"></span></a>)<br>LLM-based tool that simulates a step-by-step penetration testing process, emulating a realistic attack workflow.<br>2. 🤖 Auto-Pentest-GPT-AI (<a href="https://github.com/Armur-Ai/Auto-Pentest-GPT-AI" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/Armur-Ai/Auto-Pente</span><span class="invisible">st-GPT-AI</span></a>)<br>An AI-powered framework using GPT-4 to perform automated pentests with logical, chain-of-thought exploration.<br>3. 🔍 BurpGPT (<a href="https://github.com/aress31/burpgpt" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/aress31/burpgpt</span><span class="invisible"></span></a>)<br>A Burp Suite extension that integrates GPT to analyze requests/responses and suggest payloads or detect vulnerabilities.<br>4. 
🌐 ReconAIzer (<a href="https://github.com/hisxo/ReconAIzer" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/hisxo/ReconAIzer</span><span class="invisible"></span></a>)<br>An AI-driven reconnaissance assistant using GPT-4 to interpret recon tool results and recommend next steps.<br>5. 🔐 PassGAN (<a href="https://github.com/brannondorsey/PassGAN" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/brannondorsey/PassG</span><span class="invisible">AN</span></a>)<br>A generative adversarial network trained to generate real-world passwords based on leaked data — a smart brute-force ally.</p>
r1cksec<p>A collection of over 1000 Git repositories with tools for IT security/infosec. Caution, there will be malware🕵️‍♂️ </p><p><a href="https://github.com/r1cksec/cheatsheets/blob/main/url/git-tools" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/r1cksec/cheatsheets</span><span class="invisible">/blob/main/url/git-tools</span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dfir</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a></p>
dan_nanni<p>Python offers a rich set of libraries for penetration testing, enabling tasks like network scanning, exploit development, web vulnerability analysis, and payload generation</p><p>Here are useful <a href="https://mastodon.social/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> libraries for pentesters 😎👇 <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a></p><p>Find high-res pdf books with all my <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> related infographics at <a href="https://study-notes.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">study-notes.org</span><span class="invisible"></span></a></p>
LMG Security<p>AI-powered features are the new attack surface! Check out our new blog in which LMG Security’s Senior Penetration Tester Emily Gosney <span class="h-card" translate="no"><a href="https://infosec.exchange/@baybedoll" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>baybedoll</span></a></span> shares real-world strategies for testing AI-driven web apps against the latest prompt injection threats.</p><p>From content smuggling to prompt splitting, attackers are using natural language to manipulate AI systems. Learn the top techniques—and why your web app pen test must include prompt injection testing to defend against today’s AI-driven threats.</p><p>Read now: <a href="https://www.lmgsecurity.com/are-your-ai-backed-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">lmgsecurity.com/are-your-ai-ba</span><span class="invisible">cked-web-apps-secure-why-prompt-injection-testing-belongs-in-every-web-app-pen-test/</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/PromptInjection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PromptInjection</span></a> <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIsecurity</span></a> <a href="https://infosec.exchange/tags/WebAppSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebAppSecurity</span></a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenetrationTesting</span></a> <a href="https://infosec.exchange/tags/LLMvulnerabilities" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>LLMvulnerabilities</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a></p>
Mike Sheward<p>Mini Pen Test Diaries Story:</p><p>During the open source enumeration phase of an external footprint test, I found a virtual machine that bore the name of the client in its NetBIOS response in Shodan.</p><p>Connecting to the machine over HTTP, I found a web app that was very relevant to the industry of the client - so I knew it was likely related.</p><p>The strange thing, however, was that Shodan was telling me NetBIOS and SMB were open (that’s how I found the machine in the first place), but I was unable to connect to it over SMB. Port scan showed closed.</p><p>I needed to figure out why Shodan was telling me one thing, but my reality was different.</p><p>The machine was hosted in Azure, so I figured I’d try rerunning my port scan from a source IP in my own Azure account, to see if I’d get a different result.</p><p>Sure enough, SMB was open when scanned from an Azure machine. They’d opened it up to any IP in Azure. No auth. Just an open file share accessible to anyone who was connecting to it from an Azure public source IP.</p><p>I reported it, and it turned out that the machine was hosted by a vendor on behalf of the client.</p><p>The vendor was insistent that my description of “public access to SMB share” was wrong, since technically it wasn’t open to the internet - just to Azure.</p><p>I then pointed out that hey, Azure is a famous example of a “public” cloud for a reason.</p><p>They fixed it.</p><p>Lesson: always try from different perspectives - such as from within the same provider's IP space; you might find what I found.</p><p>For more, slightly less mini stories like this one, check out <a href="https://infosecdiaries.com" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">infosecdiaries.com</span><span class="invisible"></span></a> </p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a 
href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p>
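The defender-side takeaway from the post above is that an inbound rule whose source is the AzureCloud service tag (or any regional AzureCloud.* tag) is a public exposure, not a private one. The following is an added example, not code from the post or from infosecdiaries.com: it audits a list of NSG-style inbound rules for SMB reachable from public sources, honouring first-match-by-priority so that a higher-priority Deny from a broader source shadows the Allow. The rule fields mirror Azure NSG securityRules properties; the sample rules are constructed.

```python
"""Audit Azure-style NSG inbound rules for SMB (TCP/445) exposed to public sources.

Added example, not from the original post. Public sources, in decreasing breadth:
"*" / "0.0.0.0/0"  > "Internet" (which includes Azure's public IP space)  > "AzureCloud"
(or a regional tag such as "AzureCloud.WestEurope"). A Deny at a higher priority shadows
an Allow only if the Deny's source is at least as broad as the Allow's source.
"""
from __future__ import annotations

from dataclasses import dataclass

# Breadth rank of a source that means "anyone on the public internet / any Azure tenant".
PUBLIC_SOURCE_RANK = {"*": 3, "0.0.0.0/0": 3, "Internet": 2, "AzureCloud": 1}


def public_rank(source: str) -> int:
    """Return 0 for non-public sources (private CIDRs, VirtualNetwork, ...)."""
    if source.startswith("AzureCloud."):  # regional variants of the AzureCloud tag
        return 1
    return PUBLIC_SOURCE_RANK.get(source, 0)


@dataclass
class Rule:
    name: str
    direction: str          # "Inbound" or "Outbound"
    access: str             # "Allow" or "Deny"
    protocol: str           # "Tcp", "Udp" or "*"
    source: str             # sourceAddressPrefix: CIDR, "*" or a service tag
    dest_ports: list[str]   # destinationPortRanges, e.g. ["445"], ["100-500"], ["*"]
    priority: int           # lower number is evaluated first


def port_range_covers(port_range: str, port: int) -> bool:
    """True if a single NSG port range expression includes the given port."""
    if port_range == "*":
        return True
    if "-" in port_range:
        lo, hi = port_range.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(port_range) == port


def exposed_rules(rules: list[Rule], port: int = 445) -> list[str]:
    """Names of Allow rules that expose `port` to a public source, in priority order."""
    exposed: list[str] = []
    deny_ranks: list[int] = []  # breadth of higher-priority public Denies covering the port
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.direction != "Inbound" or rule.protocol not in ("Tcp", "*"):
            continue
        if not any(port_range_covers(pr, port) for pr in rule.dest_ports):
            continue
        rank = public_rank(rule.source)
        if rank == 0:
            continue  # private source: neither an exposure nor a shield for public traffic
        if rule.access == "Deny":
            deny_ranks.append(rank)
        elif not any(d >= rank for d in deny_ranks):
            exposed.append(rule.name)
    return exposed


# Constructed sample rules modelling the misconfiguration from the story.
SAMPLE_RULES = [
    Rule("AllowHTTP", "Inbound", "Allow", "Tcp", "Internet", ["80", "443"], 100),
    Rule("AllowSMBFromAzure", "Inbound", "Allow", "Tcp", "AzureCloud", ["445"], 110),
    Rule("AllowCorpRDP", "Inbound", "Allow", "Tcp", "203.0.113.0/24", ["3389"], 120),
    Rule("DenyInternetSMB", "Inbound", "Deny", "Tcp", "Internet", ["139", "445"], 130),
    Rule("AllowVnetAll", "Inbound", "Allow", "*", "VirtualNetwork", ["*"], 65000),
]

# The fix: a broader Deny evaluated before the AzureCloud Allow.
FIXED_RULES = [Rule("DenyPublicSMB", "Inbound", "Deny", "Tcp", "*", ["139", "445"], 100)] + SAMPLE_RULES


if __name__ == "__main__":
    print("exposed (sample):", exposed_rules(SAMPLE_RULES))  # ['AllowSMBFromAzure']
    print("exposed (fixed): ", exposed_rules(FIXED_RULES))   # []
```

The DenyInternetSMB rule at priority 130 does not help because the AzureCloud Allow at 110 matches first; the fix has to sit at a higher priority and cover a source at least as broad.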
dan_nanni<p>Explore these free cybersecurity services to scan threats, check exposures, and boost your digital security—no login required 😎👇 </p><p><a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://mastodon.social/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>malware</span></a> <a href="https://mastodon.social/tags/securitybreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>securitybreach</span></a> </p><p>Find high-res pdf books with all my <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> infographics at <a href="https://study-notes.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">study-notes.org</span><span class="invisible"></span></a></p>
0x40k<p>Browser extensions... seriously? 🤯 Think of 'em like little backdoors straight into your systems.</p><p>Sure, things like spellcheckers and handy AI tools seem convenient, right? But the permissions they often demand? Honestly, it's often insane. 😵‍💫</p><p>Look, as a pentester, I strike gold with these *all the time*! 💰 We're talking cookies, passwords, browsing habits – sometimes it's all just wide open. And *then* people are shocked when they get hacked. 🤷‍♂️</p><p>Yeah, security awareness training definitely matters. But here’s what’s even more critical: you absolutely *need* to know which extensions your team is actually using! Go on, check those permissions thoroughly! Otherwise, you're just asking for trouble down the line. 💥</p><p>So, spill the beans: Which browser extension has given *you* a major headache before? Let's hear it!</p><p><a href="https://infosec.exchange/tags/ITSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSec</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a> <a href="https://infosec.exchange/tags/BrowserSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BrowserSecurity</span></a> <a href="https://infosec.exchange/tags/SecurityFirst" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityFirst</span></a></p>
0x40k<p>Whoa, just checked out the latest GitGuardian report. It's wild how many secrets popped up *again*! 😳 We're talking millions of credentials just floating around out there.</p><p>And here's the kicker: it's not *only* about human slip-ups anymore. You've got more and more 'Non-Human Identities' (NHIs) – think bots, scripts, AI agents – churning out secrets too. And honestly? Those NHI secrets often get way less attention than the ones people handle.</p><p>As a pentester, I bump into this constantly. Find an old, forgotten API key lying around, and *boom* – system's compromised. 🤦‍♂️ Yeah, automated scans are definitely helpful, but nothing beats having solid secrets management in place. It's absolutely crucial.</p><p>So, how's everyone else keeping their secrets locked down? Got any killer best practices to share?</p><p><a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DevSecOps</span></a> <a href="https://infosec.exchange/tags/SecretsManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecretsManagement</span></a></p>
0x40k<p>Seriously, the Outlaw botnet? Still pulling off SSH brute-force attacks in 2024?! Wild how that's *still* getting results. It really just hammers home the point: the fundamentals are absolutely crucial!</p><p>You've gotta have solid password habits locked down. Things like key authentication, maybe changing the default SSH port, setting up Fail2ban... c'mon, it isn't exactly brain surgery, right?</p><p>But yeah, setting it up takes a bit of effort, doesn't it? And we all know time equals money...</p><p>Working as a pentester, I see it way too often – companies cutting corners precisely on these foundational steps. They'd rather splash out on flashy AI security tools, yet leave the digital front door practically wide open. Then, inevitably, everyone acts shocked when things go sideways.</p><p>So, I gotta ask: What "basic" security measures do you see getting consistently overlooked where you work? 🤔</p><p><a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/ssh" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ssh</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/basics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>basics</span></a></p>
0x40k<p>Whoa, check this out! Head Mare and Twelve are teaming up! 🤯 Two threat groups joining forces... sounds like things are about to get real.</p><p>And guess what? The WinRAR exploit (CVE-2023-38831) and Exchange (ProxyLogon) are *still* being used. Seriously, folks, patch your systems! 🤦♂️ Phishing and supply chain attacks are still a major problem too.</p><p>This reminds me of a pentest where we almost missed the forest for the trees. You know, sometimes it's the simple stuff that makes all the difference.</p><p>So, what's the takeaway here? 🤔 Patch everything, harden your systems, train your employees, and audit those supply chains! Oh, and network segmentation? It's worth its weight in gold! Don't overlook it!</p><p>I'm curious, what's the craziest security blunder you've ever witnessed firsthand? Spill the beans! 👇</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threatintel</span></a></p>
0ddj0bb<p>Hey <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> and <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a>ers, what security controls on endpoints and servers make your life miserable on an engagement? </p><p>App allow listing? <br>DEP?<br>Powershell execution policies?<br>Hostbased firewall?</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyber</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dfir</span></a></p>
0x40k<p>Attack graphs, cool stuff, right? 😎 They basically map out potential attack pathways into your network. Think of it as an interactive GPS, but for cyber attackers navigating your system.</p><p>A lot of folks figure a simple pentest is enough... Wrong! Attack graphs are way more dynamic. They show you the possible attack paths *before* an incident even happens. It’s preventative pentesting, essentially. 🤓</p><p>Here's a crucial point: don't *just* look at CVSS scores! Attack graphs reveal which vulnerabilities are truly dangerous *because* they can be chained together. *That's* where the real value lies! 🔥</p><p>So, are you already leveraging attack graphs? Or are you sticking with more traditional vulnerability scans? 🤔</p><p><a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/attackgraph" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>attackgraph</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p>
0x40k<p>Hey Android folks, listen up! 👀 Google just dropped a crucial security update that you seriously need to check out. It might just be relevant to your phone. Word on the street is, two of the patched vulnerabilities are already being exploited in the wild. Crazy, right? 😬</p><p>This reminds me of those chats I have with clients: "So, Android's secure, yeah?" Well... Privilege Escalation basically means an attacker can snag more permissions on your device. In short: hackers can potentially grab your data! 😱</p><p>They've squashed a whopping 44 vulnerabilities in this March update. CVE-2024-43093 &amp; CVE-2024-50302 are seriously critical. Apparently, CVE-2024-50302 was even leveraged by Cellebrite to get into an activist's phone. Wild stuff! 😳</p><p>Go ahead and check your Android version and smash that update button ASAP (look for 2025-03-01 or 2025-03-05)! Also, be extra careful with apps from sources you don't know. Regular security checks are a must, even on your smartphone.</p><p>Have you already installed the update? Any thoughts or experiences with Android security? 🤔</p><p><a href="https://infosec.exchange/tags/AndroidSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AndroidSecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a></p>
Shawn Hooper (he/him)<p>Looking for a good Canadian pen tester for a web application. Specifically one who bills in CAD. </p><p>Any recommendations? </p><p><a href="https://fosstodon.org/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>appsec</span></a> <a href="https://fosstodon.org/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://fosstodon.org/tags/canada" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>canada</span></a></p>
buherator<p>This is a pretty good summary of <a class="hashtag" href="https://infosec.place/tag/pentest" rel="nofollow noopener" target="_blank">#pentest</a> as a profession:<br><br><a href="https://www.reddit.com/r/Pentesting/comments/1ixoq2g/pentesting_is_the_hardest_cybersecurity/" rel="nofollow noopener" target="_blank">https://www.reddit.com/r/Pentesting/comments/1ixoq2g/pentesting_is_the_hardest_cybersecurity/</a><br><br>(I don't think comparisons to other fields make much sense though)</p>