home.social

#pentests — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #pentests, aggregated by home.social.

  1. If you want coverage, aka to get the maximum out of tests such as #Pentests, scans and #testing in general, you shouldn't have only DEV, TEST, STAGE/INT and PROD environments; you should also provide an AUTO environment. The AUTO environment would be focused on supporting automation, meaning, in the web app case, simplifying authentication for scanners, not aggressively invalidating sessions, removing CSRF protection, etc.
    Same for mobile apps btw.
    #devsecops #devops

  2. A new version of the Parrot Security OS 6.2 distribution has been released. Parrot Security OS is a specialized Linux distribution created for penetration testing, digital forensics, breaking security mechanisms and security testing. linuxiarze.pl/parrot-6-2/ #linux #debian #cybersecurity #pentests

  3. When GRC asks the red team "What tools do you use to conduct your penetration tests?"

    Ummm.... I don't know.... All of them?

    ....I just wrote some new ones this morning...

    #infosec #pentests #redteam #hacking

  4. Was super fun to attend #aws #reinforce but this guy and another are glad I’m home and I think some customers want me to get busy on their #pentests!

  5. Our #usdHeroLab professionals have uncovered a vulnerability in the online store software #Gambio during their #pentests.

    Our analysts discovered a vulnerability in the password reset functionality. Exploiting this vulnerability would enable an attacker to change the password for any account and take over, for example, the administrator account of the application.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy.

    👉 More details: herolab.usd.de/en/security-adv

  9. Our #usdHeroLab analysts examined the #SONIX Technology Webcam during their #pentests.

    1️⃣ Vulnerability Type: Incorrect Permission Assignment for Critical Resource (CWE-732)

    🚨 Security Risk: High

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy.

    👉 More Details: herolab.usd.de/security-adviso

  14. #Announcement: On Friday, our #usdHeroLab colleagues published a major release of our BurpSuite Plugin #FlowMate: github.com/usdAG/FlowMate/rele

    During BlackHat USA 2023 and DEF CON 31, our colleagues received a lot of helpful feedback on their #tool: The new version 1.1 contains bug fixes and some new features. In our video, Florian Haag explains the advantages and possible use cases in the context of #WebApplication #Pentests: youtube.com/watch?v=BJhRhGmDAT

    #CheckItOut #Security #Pentesting #Hacking #Tools #Community #moresecurity

  18. The #BurpSuite extension #CSTC by @usdAG saved my a** during several web app #pentests.

    It allows you to easily transform HTTP requests and responses.

    Use it to save time when you would otherwise have to write a bunch of custom code!

    Here's everything you need to know about it 👇

    #Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking #Burp

  23. The #usdHeroLab analysts examined #ThingsBoard while conducting their #pentests.
    1⃣Vulnerability Type: Server-Side Template Injection
    🚨Security Risk: High
    🧵👇 More Details

    🧐ThingsBoard is an open-source IoT platform for data collection, processing, visualization, and device management.

    During an assessment a Server-Side Template Injection (SSTI) vulnerability was discovered. It enables attackers to dynamically create and modify templates that are used for automated generation of mail content, which results in the execution of arbitrary system commands.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👨‍💻👇

    herolab.usd.de/en/security-adv

  24. The #usdHeroLab analysts examined the Content Management System #SuperWebMailer while conducting their #pentests.
    1⃣Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)
    🚨 Security Risk: Medium
    👇🧵 More Details

    🧐SuperWebMailer is an online application for managing e-mail newsletters. The vulnerability enabled attackers to execute requests on behalf of other users.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy. More information can be found here 👩‍💻🧑‍💻 👇

    herolab.usd.de/security-adviso

  28. The #usdHeroLab analysts examined the Content Management System #Contao while conducting their #pentests.
    1⃣Vulnerability Type: Improper Neutralization of Input During Web Page Generation (CWE-79)
    🚨 Security Risk: Medium
    👇More details

    🧐Contao is an open source Content Management System that allows you to create professional websites and scalable web applications.

    The vulnerability enabled attackers with a low-privileged role to use a modified HTTP request to create an article with a JavaScript payload of their choice, which was client-triggered on the frontend and backend. For example, such an attack could upgrade a low-privileged account to an administrator account.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👇

    herolab.usd.de/en/security-adv

  29. The #usdHeroLab analysts examined the #SAP HTTP Content Server while conducting their #pentests.
    1⃣Vulnerability Type: Improper Neutralization of HTTP Headers for Scripting Syntax #CWE644 #CVE202326457
    🚨 Security Risk: High
    👇🧵 More details

    The SAP HTTP Content Server returns error messages in the header x-errordescription of the #HTTP Response. When invalid input is provided in an HTTP request, it is also placed in the error message inside this header.

    During this process the input is URL-decoded; therefore, for example, %41 is translated to A and %0a is translated to a newline. This enables an #attacker to add new headers and change the content of the response.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👨‍💻👇
    herolab.usd.de/security-adviso

  30. The #usdHeroLab analysts examined the #SAP Partner Portal while conducting their #pentests.
    1⃣ Vulnerability Type: Improper Neutralization of Input During Web Page Generation #CWE79 #CrossSiteScripting
    🚨 Security Risk: High
    👇🧵 More details

    In cases where users do not have sufficient permissions to view a specific URL within the #SAP Partner Portal, they get redirected to an error page. During this redirection, the requested URL is passed to the error message as a parameter without any filtering or encoding.
    Therefore it is possible to include HTML tags and JavaScript in the URL, making it possible for malicious actors to launch #XSS attacks.

    The vulnerability was reported to the vendor under the Responsible Disclosure Policy and subsequently fixed for #moresecurity. More information can be found here 👩‍💻👇
    herolab.usd.de/security-adviso

  31. Are there any #DAST tools for dummies? Preferably open source. The goal is for developers with no pen testing experience to find some low-hanging fruit early, before doing a real test by a professional.
    #Pentests

  32. "Hey Ma, Where Do #Pentests Come From?" @dnsprincess explains #pentesting via a storybook at this year's #GRRCon.

    Don't miss this informative and fun presentation at one of the Midwest's premier #infosec conferences!

    bfx.social/44B6WrG

  33. Website update finally. Figured might be a good idea due to an upcoming announcement. At least doesn’t say next cloud security class is November 2019 in Melbourne, Australia 😆

    #2ndSightLab #Cyber #Cloud #Security #pentests #assessments #training

    2ndsightlab.medium.com/2nd-sig

  34. To counteract the increasing complexity of #hacker attacks, high-quality #pentests are essential. This is best achieved when the knowledge and instinct of #pentest professionals are complemented by suitable #tools. 🛠️

    That's why our extensive experience with #TechnicalSecurityAnalyses continuously contributes to the development of helpful tools. As a result, we proudly present our in-house developments #FlowMate, #SNCScan and #CSTC to the global #SecurityCommunity at #BlackHat and @support. We are proud to provide international security experts with tools for #moresecurity.

    Our colleagues Matthias Göhring, Nicolas Schickert and Florian Haag are fine-tuning the very last details before heading to #LasVegas next week. We wish our Heroes great presentations and keep our fingers crossed! 🤞

    #CyberSecurity #Innovation #ExcitedToPresent #usdHeroLab

  37. Another #cloudsecurity tool we're fans of: ScoutSuite, a multi-cloud security #auditing tool. Use it across all major #cloudcomputing platforms. Save time on your #cloud #pentests with this tool! bfx.social/43C7Dkn

  38. Did you miss Episode 10 of our #ToolTalk #livestream series? Then you’ll want to read the corresponding blog post from @chris Cerne where he goes into the use cases for creating your own #BurpSuite extensions, how he created his Nicolas Cage-themed #BurpCage, and how these extensions can help you power up your #pentests. bfx.social/421RBiE

    P.S. You can also stream the episode on demand!

  39. In Episode 10 of our #ToolTalk technical livestream series, we’re shining a light on the #BurpSuite extension #BurpCage created by Bishop Fox’s Chris Cerne. Join us as we:

    - Explore why it is beneficial to create extensions and dive into how Chris created BurpCage, which is a new extension that replaces any image proxied through #BurpSuite utilizing the Montoya API.

    - Show how you can apply Chris’s tips and techniques to create extensions to level up your #appsec #pentests.

    - And more!

    This episode streams May 25; learn more here ⬇
    bfx.social/3VVThZr #BFLive

  40. If you were annoyed by the recent multi-line output bug in #ffuf in your #pentests and #bugbounty engagements, I've just fixed it: github.com/ffuf/ffuf/pull/656

    It's not yet merged, but in the meantime you can apply the patch locally and recompile ffuf if needed! 🤗

  41. I'm looking to enhance our Cybersecurity library with books about Hardware Hacking and Security and could use some help.
    I checked out Cybersecurity Canon but could only find a single Hardware Hacking book in their list. I'm looking for books about Pentesting Hardware, a general overview of embedded software security, or even some general Cybersecurity books, if the contents transfer well.

    Any pointers?

    #Cybersecurity #Pentests #HardwareHacking #HardwareSecurity #EmbeddedSoftware