#cybsersecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #cybsersecurity, aggregated by home.social.
-
Are your pentest reports DDoS-ing your stakeholders with huge reports they don't have time to read?
It's 2026, AI is everywhere, but reporting is still a grind. Here's how we help:
🗂️ Centralize data & keep it organized: automated scans, manual findings, risk level tweask - all live in a unified workspace.
📸 Get automatic proof for PoCs: screenshots, request/response logs, attack replays, list of users, etc. - they're all part of scan results.
🚀 Ship reports that reflect your expertize: it takes minutes (yes, seriously) to generate editable DOCX or G Docs reports which you can brand before sending.
See how our reporting feature handles the heavy lifting: https://pentest-tools.com/features/pentest-reporting
-
7. Who asked for this? (Yes, I ask that question everywhere. What is the demand to which all this is the supply? Please don't say 'supply creates demand' unless you are the narcos.)
8. What is the threat model that the system in the Rules addresses? Is that the threat model for the most significant quantum of fraud in India as the source & destination of fraud?
#digitalrights #cybsersecurity #fraudprevention #womenssafety
-
Complexity is the enemy of Security. Why can this be true when Defense in depth is a big thing? Well, complexity allows for more bugs/vulns. Defense layers do not need to be complex. Each layer should be simple.
Am I wrong?
#infosec #cybsersecurity -
Analysis of capabilities and communication channels used by IOCONTROL IoT/OT malware
https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol
-
There is no such thing as a back door that only the good guys can use. Eventually, somebody else "will" find and exploit it without your knowledge or consent.
Headline: T-Mobile Hacked in Massive Chinese Breach of Telecom Networks
Subtitle: Carrier joins growing list of known victims, including AT&T and Verizon, of the major Chinese spying operation
-
Useful guide on Linux page cache, memory management, mmap and cgroups
https://biriukov.dev/docs/page-cache/0-linux-page-cache-for-sre/
-
N-days exploits chaining
Chrome RCE: https://blog.theori.io/chaining-n-days-to-compromise-all-part-1-chrome-renderer-rce-1afccf56721b
Windows LPE 1: https://blog.theori.io/chaining-n-days-to-compromise-all-part-2-windows-kernel-lpe-a-k-a-chrome-sandbox-escape-44cb49d7a4f8
Windows LPE 2: https://blog.theori.io/chaining-n-days-to-compromise-all-part-2-windows-kernel-lpe-a-k-a-chrome-sandbox-escape-44cb49d7a4f8
Information leakage: https://blog.theori.io/chaining-n-days-to-compromise-all-part-4-vmware-workstation-information-leakage-44476b05d410
Guest-to-Host Escape: https://blog.theori.io/chaining-n-days-to-compromise-all-part-5-vmware-workstation-host-to-guest-escape-5a1297e431b5
-
Well written guide on Linux page cache, memory management, mmap and cgroups
https://biriukov.dev/docs/page-cache/0-linux-page-cache-for-sre/
-
Deep dive into Cross-Silicon UEFI security
-
ebpfkit is a rootkit that leverages multiple eBPF features to implement offensive security techniques
GitHub repo: https://github.com/Gui774ume/ebpfkit?tab=readme-ov-file
BH presentation: https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-With-Friends-Like-EBPF-Who-Needs-Enemies.pdf
DefCon: https://media.defcon.org/DEF%20CON%2029/DEF%20CON%2029%20presentations/Guillaume%20Fournier%20Sylvain%20Afchain%20Sylvain%20Baubeau%20-%20eBPF%2C%20I%20thought%20we%20were%20friends.pdf -
use-after-free vulnerability due to the interaction between Unix garbage collection (GC) and the io_uring Linux kernel component
https://blogs.oracle.com/linux/post/unix-garbage-collection-and-iouring
Credits Shoily Rahman
-
You guys know those bots that post links to exposed servers? I'm fairly certain I looked at this one the other day, a screenshot of it at least. I remember discussing with a few people what exactly we were looking at and finally deciding that it was some sort of water treatment plant. This shit isn't hard; they're not entering the matrix, our public infrastructure is literally exposing non-password-protected VNC to the open internet...
-
Interesting reading (2022) for anyone into embedded/IoT devices analysis and exploitation
Blog post: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/
Slides (RECon): https://github.com/MarginResearch/resources/blob/83e402a86370f7c3acf8bb3ad982c1fee89c9b53/documents/Pulling_MikroTik_into_the_Limelight.pdf -
Two new WiFi authentication vulnerabilities discovered by @vanhoefm and written up by yours truly https://www.top10vpn.com/research/wifi-vulnerabilities/ #wifi #cybsersecurity #vulnerability
-
DJI RM500 Smart Controller reverse engineer and exploitation
-
MikroTik routers reverse engineering and exploitation. Excellent research work.
Blog post: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/
Slides (RECon): https://github.com/MarginResearch/resources/blob/83e402a86370f7c3acf8bb3ad982c1fee89c9b53/documents/Pulling_MikroTik_into_the_Limelight.pdf
-
Are regulations innovation triggers or killers❓
🔗 Read the full article here: https://lnkd.in/e__gPczk #cybsersecurity
-
Great writeup about reverse engineering MikroTik router
Blog post: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/
Slides (RECon): https://margin.re/content/files/2022/11/Pulling_MikroTik_into_the_Limelight-RECon-2022.pdf
#iot #embedded #mikrotik #reverseengineering #cybsersecurity
-
Interesting writeup about MikroTik routers reverse engineering and exploitation
Blog post: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/
Slides (RECon): https://github.com/MarginResearch/resources/blob/83e402a86370f7c3acf8bb3ad982c1fee89c9b53/documents/Pulling_MikroTik_into_the_Limelight.pdf
#iot #embedded #mikrotik #reverseengineering #cybsersecurity
-
MikroTik router reverse engineering
Interesting writeup by for anyone interested in embedded/IoT devices securityBlog post: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/
Slides (RECon): https://github.com/MarginResearch/resources/blob/83e402a86370f7c3acf8bb3ad982c1fee89c9b53/documents/Pulling_MikroTik_into_the_Limelight.pdf
-
Nice presentation on legit tools used by attackers
https://jsac.jpcert.or.jp/archive/2023/pdf/JSAC2023_1_1_yamashige-nakatani-tanaka_en.pdf
-
Interesting writeup about reverse engineering embedded/IoT devices (MikroTik router)
Blog post: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/
Slides (RECon): https://github.com/MarginResearch/resources/blob/83e402a86370f7c3acf8bb3ad982c1fee89c9b53/documents/Pulling_MikroTik_into_the_Limelight.pdf#iot #embedded #mikrotik #routeros #reverseengineering #infosec #cybsersecurity
-
on 30 July at 6:30pm Pacific @megan will join @infosystir, Brian Boettcher and I to discuss her new #book she co-authored from #packtPublishing https://www.packtpub.com/product/practical-threat-detection-engineering/9781801076715
"Practical #Threat Detection Engineering"
We'll go through some of the chapters on #threatdetection, talk about how to get started in #threatIntel and answer your questions! Join us on https://twitch.tv/brakesec, on #LinkedinLive, or on our Youtube channel for VOD (https://youtube.com/c/BDSPodcast
-
on 30 July at 6:30pm Pacific @megan will join @infosystir, Brian Boettcher and I to discuss her new #book she co-authored from #packtPublishing https://www.packtpub.com/product/practical-threat-detection-engineering/9781801076715
"Practical #Threat Detection Engineering"
We'll go through some of the chapters on #threatdetection, talk about how to get started in #threatIntel and answer your questions! Join us on https://twitch.tv/brakesec, on #LinkedinLive, or on our Youtube channel for VOD (https://youtube.com/c/BDSPodcast
-
on 30 July at 6:30pm Pacific @megan will join @infosystir, Brian Boettcher and I to discuss her new #book she co-authored from #packtPublishing https://www.packtpub.com/product/practical-threat-detection-engineering/9781801076715
"Practical #Threat Detection Engineering"
We'll go through some of the chapters on #threatdetection, talk about how to get started in #threatIntel and answer your questions! Join us on https://twitch.tv/brakesec, on #LinkedinLive, or on our Youtube channel for VOD (https://youtube.com/c/BDSPodcast
-
on 30 July at 6:30pm Pacific @megan will join @infosystir, Brian Boettcher and I to discuss her new #book she co-authored from #packtPublishing https://www.packtpub.com/product/practical-threat-detection-engineering/9781801076715
"Practical #Threat Detection Engineering"
We'll go through some of the chapters on #threatdetection, talk about how to get started in #threatIntel and answer your questions! Join us on https://twitch.tv/brakesec, on #LinkedinLive, or on our Youtube channel for VOD (https://youtube.com/c/BDSPodcast
-
on 30 July at 6:30pm Pacific @megan will join @infosystir, Brian Boettcher and I to discuss her new #book she co-authored from #packtPublishing https://www.packtpub.com/product/practical-threat-detection-engineering/9781801076715
"Practical #Threat Detection Engineering"
We'll go through some of the chapters on #threatdetection, talk about how to get started in #threatIntel and answer your questions! Join us on https://twitch.tv/brakesec, on #LinkedinLive, or on our Youtube channel for VOD (https://youtube.com/c/BDSPodcast
-
Akuvox E11 intercoms reverse engineering and exploitation.
Nice research and a must read for anyone into IoT devices securityhttps://claroty.com/team82/research/the-silent-spy-among-us-modern-attacks-against-smart-intercoms
-
Very cool writeup by Lorant Szabo on achieving arbitrary code execution in Huawei "SD-Update" recovery mode
-
Just saw this malicious ad on Facebook, so I'll copy and paste the post I made about it here.
If y'all see this ad on Facebook, do NOT click on it. The ad takes you to a very basic "Google Sites" page and then asks you to click a link to "download" the video in question. But the links to download the video file actually point to a .exe file, which is a Windows executable file and almost certainly a piece of malware intended to infect your device.
-
Apropos of nothing, data security is not data privacy, consequently you need both a data security threat model and a data privacy threat model.
#datasecurity #dataprivacy #cybsersecurity #infosec #privacy #roombagobrrr