#securityassessment — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #securityassessment, aggregated by home.social.
-
We know GenAI is risky, so why aren’t we fixing its flaws? https://www.helpnetsecurity.com/2025/06/27/cobalt-research-llm-security-vulnerabilities/ #penetrationtesting #securityassessment #cybersecurity #GenerativeAI #Cobalt #report #News #LLMs
-
🐈⬛ Hashcat – A Practical Guide to Password Auditing
Hashcat is a powerful GPU-accelerated password recovery tool used by security professionals to test the strength of passwords in authorized environments.
🧠 What Hashcat is used for:
• Auditing password hashes (e.g., from Windows, Linux, web apps)
• Testing password policies and complexity
• Identifying weak or reused credentials in simulated lab setups
🔐 Key Features:
• Supports a wide variety of hash types (MD5, SHA1, NTLM, bcrypt, etc.)
• Multiple attack modes: dictionary, brute-force, mask, hybrid, rule-based
• Highly customizable and efficient with GPU acceleration
• Works well for red teamers and defenders validating password hygiene
🎯 When to use it:
• During penetration tests (with permission)
• In password policy assessments
• For internal security audits and training exercises
Disclaimer: This guide is for educational and ethical use only. Only audit password hashes on systems you own or have explicit authorization to test.
#Hashcat #CyberSecurity #PasswordAuditing #EthicalHacking #InfoSec #EducationOnly #RedTeamTools #CredentialSecurity #GPUCracking #SecurityAssessment
-
Time to level up your data skills! Who’s using TISAX already? Let’s discuss!
#TISAX #TISAXCertification #InformationSecurity #AutomotiveSecurity #RiskManagement #VDAISA #AutomotiveIndustry #ThirdPartyRiskManagement #SecurityAssessment #GQSSingapore
-
Strengthening security posture with comprehensive cybersecurity assessments https://www.helpnetsecurity.com/2024/12/10/phani-dasari-hgs-cybersecurity-assessments/ #securityassessment #securitycontrols #threatdetection #riskmanagement #cybersecurity #compliance #HGSDigital #regulation #Don'tmiss #Features #Hotstuff #opinion #News
-
Hello everyone.
In today's article, we examine the Penetration Testing Report process in detail.
I wish everyone a good read.
https://denizhalil.com/2024/11/25/penetration-testing-report-importance-template/ #cybersecurity #ethicalhacking #pentesting #penetrationtesting #securityassessment
-
What to look for when reviewing a company's infrastructure
https://blog.marcolancini.it/2022/blog-cloud-security-infrastructure-review/
-
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) https://www.helpnetsecurity.com/2024/08/09/cve-2024-42219-cve-2024-42218/ #securityassessment #passwordmanager #vulnerability #Don'tmiss #1Password #passwords #Hotstuff #macOS #News #CVE
-
A journey into forgotten Null Session and MS-RPC interfaces – Source: securelist.com https://ciso2ciso.com/a-journey-into-forgotten-null-session-and-ms-rpc-interfaces-source-securelist-com/ #Vulnerabilitiesandexploits #rssfeedpostgeneratorecho #Offensivecybersecurity #securityassessment #CyberSecurityNews #Cybersecurity #securelistcom #TIandIRposts #research #pentest #SOC
-
Finding software flaws early in the development process provides ROI https://www.helpnetsecurity.com/2024/03/29/development-process-software-flaws/ #softwaredevelopment #securityassessment #securitytesting #cybersecurity #Don'tmiss #Hotstuff #software #Probely #News
-
Top 10 web application vulnerabilities in 2021–2023 – Source: securelist.com https://ciso2ciso.com/top-10-web-application-vulnerabilities-in-2021-2023-source-securelist-com/ #Vulnerabilitiesandexploits #rssfeedpostgeneratorecho #VulnerabilityStatistics #securityassessment #CyberSecurityNews #Securityservices #vulnerabilities #Cybersecurity #securelistcom #SQLinjection #passwords #research #XSS
-
We start the show off with a bunch of Apple news talking about them having a backdoor in their phones for the last four years or more. Apple adds a new feature in iOS 17.3 called Stolen Device Protection and in iOS 17.4 Apple will allow side loading. #security #networksecurity #infosec #cybersecurity #computersecurity #netsec #podcast #securityassessment
https://podcast.lipanisecurity.com/e/apple-iphone-had-backdoor/
-
CW: research review
G. Bella et al., "PETIoT: PEnetration Testing the Internet of Things"¹
Attackers may attempt exploiting Internet of Things (IoT) devices to operate them unduly as well as to gather personal data of the legitimate device owners. Vulnerability Assessment and Penetration Testing (VAPT) sessions help to verify the effectiveness of the adopted security measures. However, VAPT over IoT devices, namely VAPT targeted at IoT devices, is an open research challenge due to the variety of target technologies and to the creativity it may require. Therefore, this article aims at guiding penetration testers to conduct VAPT sessions over IoT devices by means of a new cyber Kill Chain (KC) termed PETIoT. Several practical applications of PETIoT confirm that it is general, while its main novelty lies in the combination of attack and defence steps. PETIoT is demonstrated on a relevant example, the best-selling IP camera on Amazon Italy, the TAPO C200 by TP-Link, assuming an attacker who sits on the same network as the device in order to assess all the network interfaces of the device. Additional knowledge is generated in terms of three zero-day vulnerabilities found and practically exploited on the camera, one of these with High severity and the other two with Medium severity by the CVSS standard. These are camera Denial of Service (DoS), motion detection breach and video stream breach. The application of PETIoT culminates with the proof-of-concept of a home-made fix, based on an inexpensive Raspberry Pi 4 Model B device, for the last vulnerability. Ultimately, our responsible disclosure with the camera vendor led to the release of a firmware update that fixes all found vulnerabilities, confirming that PETIoT has valid impact in real-world scenarios.
#arXiv #ResearchPaper #IoT #Pentesting #SecurityAssessment #InternetOfThings
__
¹ https://arxiv.org/abs/2302.04900
-
How to Choose the Right Business Continuity Test for You - Today’s businesses need to be prepared for unforeseen impacts on their work. A Bus... - https://readwrite.com/2021/10/23/how-to-choose-the-right-business-continuity-test-for-you/ #customeronboardingtemplate #contentmarketingforsaas #qualityassuranceprocess #businesscontinuityplan #businesscontinuitytest #securityassessment #operate #csat