mastodontech.de ist einer von vielen unabhängigen Mastodon-Servern, mit dem du dich im Fediverse beteiligen kannst.
Offen für alle (über 16) und bereitgestellt von Markus'Blog

Serverstatistik:

1,5 Tsd.
aktive Profile

#pentesting

4 Beiträge3 Beteiligte0 Beiträge heute
Marko<p>Versuch Nummer 2 mit dem KDE flavor von <a href="https://kanoa.de/tags/secBSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secBSD</span></a> </p><p>Dummerweise übernimmt es weder den root noch den user login nach der Installation. Ist echt nervig, denn das System sieht echt vielversprechend aus. </p><p>🌀 <a href="https://www.secbsd.org/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">secbsd.org/</span><span class="invisible"></span></a></p><p><a href="https://kanoa.de/tags/openbsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openbsd</span></a> <a href="https://kanoa.de/tags/bsd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bsd</span></a> <a href="https://kanoa.de/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p>
christian mock<p>pentesters -- is there a service/database where I can search by CVE and see whether there's POC code out there? <a href="https://chaos.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> </p><p>:BoostOK:</p>
christian mock<p>oida, wer stellt seinen console-serial-port auf 921600 baud? (immerhiin weiß ich jetzt, daß man mit einem esp32-modul einen logic-analyzer bauen kann, der sauber mit 10 MHz samplen kann). <a href="https://chaos.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p>
Jarrod<p>I just pwned Jigsaw on Hack The Box! <a href="https://labs.hackthebox.com/achievement/challenge/335130/934" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">labs.hackthebox.com/achievemen</span><span class="invisible">t/challenge/335130/934</span></a> <a href="https://infosec.exchange/tags/HackTheBox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HackTheBox</span></a> <a href="https://infosec.exchange/tags/htb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>htb</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTesting</span></a></p>
Parrot Security<p>ParrotOS 6.4 is out now! 🔔</p><p>This release sets the stage for Parrot 7 with upgraded tools, security fixes, and system improvements 🐦💻</p><p>Upgrade via sudo parrot-upgrade or grab a fresh install from the official site 💡</p><p>Click the link down below and read more on the changelog 🔗</p><p><a href="https://parrotsec.org/blog/2025-07-07-parrot-6.4-release-notes" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">parrotsec.org/blog/2025-07-07-</span><span class="invisible">parrot-6.4-release-notes</span></a></p><p><a href="https://mastodon.social/tags/ParrotSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ParrotSec</span></a> <a href="https://mastodon.social/tags/ParrotOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ParrotOS</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/CybersecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersecurityNews</span></a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://mastodon.social/tags/PenTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTest</span></a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/linuxdistro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxdistro</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>NetExec (formerly CrackMapExec) is a Python-based tool for network enumeration and exploitation, tailored to Active Directory environments. Fully open-source, it's designed for red teams and pentesters tackling complex security contexts. <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/Pennyw0rth/NetExec" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Pennyw0rth/NetExec</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
Phillip Wylie<p>After 18 years my @YouTube channel is on the brink of a milestone. This is not a big deal for most, but sharing and helping others has been a big focus for me the past 7 years. Growing my channel helps with that mission. Please subscribe. </p><p><a href="https://youtube.com/@phillipwylie" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/@phillipwylie</span><span class="invisible"></span></a><br><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>offensivesecurity</span></a></p>
Konstantin :C_H:<p>CVE Crowd's Top 3 Vulnerabilities from June!</p><p>These stood out among the 528 CVEs actively discussed across the Fediverse.</p><p>For each CVE, I’ve included a standout post from the community.</p><p>Enjoy exploring! 👇</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE</span></a> <a href="https://infosec.exchange/tags/CVECrowd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVECrowd</span></a></p>

I recently ran into an interesting discrepancy:

What you see below are 120-bit Session IDs, one printed as hex and one in the format of a #UUIDv4.

After validating their randomness, I would classify the first as secure but raise concerns about the second.

Why?

Well, according to RFC 4122:

"Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example."

And that's exactly what a session ID is: an identifier whose possession grants access. As such, UUIDs should not be used in such a case.

What do you think? Is this nitpicking? Or a valid security nuance?

Does the format in which data is displayed have an impact on its security?

I'd love to hear your thoughts.

#Pentesting#AppSec#InfoSec

Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.

748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.

Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network

Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.

Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.

Need help testing your network for exploitable print devices? Contact us and our pentest team can help!

Read the Dark Reading article for more details on the Brother Printers vulnerability: darkreading.com/endpoint-secur

We turned a car into a Mario Kart controller! 🏎️🎮
 
At PTP Cyber Fest, attendees used the steering wheel, pedals, and brakes of a real Renault Clio to play SuperTuxKart.
 
We tapped into the CAN bus with cheap wire splicers.
 
Mapped the signals using Python.
 
We even wrote our own state machine to make it all work.
 
Sure, it was a bit impractical. We had to remove the wing mirrors to fit it inside the building, deal with dodgy electrics, and babysit the car battery.
 
Next year, we might try something a bit more portable.
 
📌Read how we did it here: pentestpartners.com/security-b
 
#CyberSecurity #AutomotiveSecurity #CANbus #HackThePlanet #PenTesting #Python #Infosec #PTPCyberFest2025

A strict-looking content security policy isn’t always a secure one.

During a recent engagement, we came across a policy that had all the right bits on paper including nonces, locked-down sources, and everything you'd expect.

But one missing directive "base-uri" was all it took to break it wide open.

By injecting a <base> tag, we redirected script loading to an attacker-controlled domain. XSS payload delivered. CSP bypassed.

CSPs need more than checkboxes. They need context, testing, and attention to the small stuff.

📌Here’s what went wrong and how to avoid it: pentestpartners.com/security-b

#CyberSecurity#AppSec#CSP