I recently ran into an interesting discrepancy:
What you see below are 120-bit Session IDs, one printed as hex and one in the format of a #UUIDv4.
After validating their randomness, I would classify the first as secure but raise concerns about the second.
Why?
Well, according to RFC 4122:
"Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example."
And that's exactly what a session ID is: an identifier whose possession grants access. As such, UUIDs should not be used in such a case.
What do you think? Is this nitpicking? Or a valid security nuance?
Does the format in which data is displayed have an impact on its security?
I'd love to hear your thoughts.
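One way to make the nuance concrete, as an added example that is not part of the original post: the printed format tells you nothing about entropy, but a UUID's version field does tell you what its bits are (RFC 4122 fixes 4 version bits and 2 variant bits, leaving 122 random bits for v4 and a timestamp plus node address for v1). The sample identifiers are constructed.

```python
"""Estimate how many unpredictable bits a session identifier carries, based
on its printed format. Added example, not the original post's code."""
import re
import secrets
import uuid
from typing import Tuple

HEX_RE = re.compile(r"^[0-9a-fA-F]+$")
# Canonical dashed UUID layout only; a bare 32-hex string is treated as hex
# below, because uuid.UUID() would happily parse it and read a random
# nibble as a "version".
UUID_RE = re.compile(
    r"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
)


def session_id_entropy(token: str) -> Tuple[int, str]:
    """Return (random_bits, verdict).

    Assumes a hex token came from a CSPRNG; for a UUID the version field
    decides whether the bits are random at all (RFC 4122 section 4.1.3).
    """
    if UUID_RE.match(token):
        u = uuid.UUID(token)
        if u.version == 4:
            # 128 bits minus 4 fixed version bits and 2 fixed variant bits
            return 122, "uuid4: random, but RFC 4122 warns not to rely on it"
        if u.version == 1:
            return 0, "uuid1: timestamp + node address, predictable"
        return 0, f"uuid version {u.version}: not a random identifier"
    if HEX_RE.match(token):
        return len(token) * 4, "hex: every nibble is entropy if CSPRNG-generated"
    return 0, "unknown format"


def new_session_id(nbytes: int = 15) -> str:
    """120-bit (15-byte) hex session ID like the post's first sample."""
    return secrets.token_hex(nbytes)


# Constructed samples: a 30-hex-char ID, a v4 UUID, and a v1 UUID.
SAMPLE_HEX = "0123456789abcdef0123456789abcd"
SAMPLE_UUID4 = "3f2504e0-4f89-41d3-9a0c-0305e82c3301"
SAMPLE_UUID1 = "6ba7b810-9dad-11d1-80b4-00c04fd430c8"
```

A session ID that merely looks like a UUID may be a v1 value, which is where the RFC's warning bites; the check above surfaces that without touching the randomness test itself.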
Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.
748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.
Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network
Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.
Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.
Need help testing your network for exploitable print devices? Contact us and our pentest team can help!
Read the Dark Reading article for more details on the Brother Printers vulnerability: https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug
Watch Brenno De Winter’s talk from OrangeCon 2024 on making penetration tests auditable again.
Watch here: https://www.youtube.com/watch?v=Rv0otVFKrkk
#OrangeCon2024 #Pentesting #Cybersecurity #Infosec
Someone should make a circuit board that fits in an original #tamagotchi shell and upgrades the screen and CPU so that it can do a lot of extra stuff; #gps location tracking, #meshtastic node, #pentesting and #radio #hacking like a #flipperZero, etc. Maybe some #arm #soc like a #RaspberryPi, or #Rockchip, or maybe just a little #ESP32. Maybe just cram a #Pebble watch in there or something.
We turned a car into a Mario Kart controller!
At PTP Cyber Fest, attendees used the steering wheel, pedals, and brakes of a real Renault Clio to play SuperTuxKart.
We tapped into the CAN bus with cheap wire splicers.
Mapped the signals using Python.
We even wrote our own state machine to make it all work.
Sure, it was a bit impractical. We had to remove the wing mirrors to fit it inside the building, deal with dodgy electrics, and babysit the car battery.
Next year, we might try something a bit more portable.
Read how we did it here: https://www.pentestpartners.com/security-blog/how-we-turned-a-real-car-into-a-mario-kart-controller-by-intercepting-can-data/
#CyberSecurity #AutomotiveSecurity #CANbus #HackThePlanet #PenTesting #Python #Infosec #PTPCyberFest2025
Kali Linux 2025.1c is out
Fixes update errors from lost signing key
Adds new tools like azurehound and binwalk3
Redesigned menu with MITRE ATT&CK
https://hackread.com/kali-linux-2025-1c-fix-issue-adds-tools-interface-update
DEF CON Training 2025 August 9–12, 2025 | 4-Day Training
Join Michael Aguilar #v3ga and Alex Delifer #Cheet for a hands-on course on Medical Device Penetration Testing at #DEFCON33 @defcon
Learn more and sign up: https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/michael-aguilar-v3ga-alex-delifer-cheet-medical-device-penetration-testing-dctlv2025-4-day-training
Context poisoning is the new hawtness in AI chatbot testing.
https://neuraltrust.ai/blog/echo-chamber-context-poisoning-jailbreak
A strict-looking content security policy isn’t always a secure one.
During a recent engagement, we came across a policy that had all the right bits on paper including nonces, locked-down sources, and everything you'd expect.
But one missing directive, "base-uri", was all it took to break it wide open.
By injecting a <base> tag, we redirected script loading to an attacker-controlled domain. XSS payload delivered. CSP bypassed.
CSPs need more than checkboxes. They need context, testing, and attention to the small stuff.
Here’s what went wrong and how to avoid it: https://www.pentestpartners.com/security-blog/csp-directives-base-ic-misconfigurations-with-big-consequences/
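The check a reviewer would want for exactly this gap, as an added example (not code from the original post or from Pen Test Partners): a small CSP linter that parses the header and flags a nonce-based policy with no base-uri directive, since an injected base element then changes where relative script URLs resolve even though the script tag itself carries a valid nonce. The two policies below are constructed.

```python
"""Minimal CSP linter for the base-uri gap described above. Added example,
not the original post's code; the sample policies are constructed."""
from typing import Dict, List


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy: Dict[str, List[str]] = {}
    for raw in header.split(";"):
        parts = raw.strip().split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def lint_csp(header: str) -> List[str]:
    """Return findings; an empty list means nothing flagged."""
    p = parse_csp(header)
    findings: List[str] = []
    script_src = p.get("script-src", p.get("default-src", []))
    uses_nonce = any(s.startswith("'nonce-") for s in script_src)
    # The post's bug: nonces control which script tags run, but without
    # base-uri an injected <base href> rewrites how a relative
    # <script nonce=... src="/app.js"> resolves, so the allowed tag loads
    # from a foreign origin.
    if "base-uri" not in p:
        findings.append("base-uri missing: injected <base> can redirect relative script URLs")
    elif not set(p["base-uri"]) <= {"'self'", "'none'"}:
        findings.append("base-uri should be 'self' or 'none'")
    if not uses_nonce and ("'unsafe-inline'" in script_src or "*" in script_src):
        findings.append("script-src allows inline or wildcard scripts")
    if "object-src" not in p and "'none'" not in p.get("default-src", []):
        findings.append("object-src missing: plugin content is unrestricted")
    return findings


# Constructed policies: the "strict-looking" one and the corrected one.
WEAK = "default-src 'self'; script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'"
FIXED = WEAK + "; base-uri 'self'"
```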
CARsenal: #KaliLinux 2025.2 ships with tools for hacking cars | Security https://www.heise.de/news/CARsenal-Kali-Linux-2025-2-bringt-Tools-zum-Hacken-von-Autos-mit-10446995.html #Kali #Linux #PenTesting
New blog post!
"Offline Extraction of Symantec Account Connectivity Credentials (ACCs)"
Following my previous post on the subject, here is how to extract ACCs purely offline.
https://itm4n.github.io/offline-extraction-of-symantec-account-connectivity-credentials/
New issue out!
The Android Keystore: what it really protects, where it fails, and how to test it like a pro.
Let’s crack open the vault
https://www.kayssel.com/newsletter/issue-9/