🚨 𝙋𝙖𝙩𝙘𝙝 𝙣𝙤𝙬! 🚨
🚨 𝙇𝙖𝙤𝙠𝙤𝙤𝙣 𝙎𝙚𝙘𝙪𝙧𝙞𝙩𝙮 𝙛𝙞𝙣𝙙𝙚𝙩 𝙇𝘿𝘼𝙋-𝙄𝙣𝙟𝙚𝙘𝙩𝙞𝙤𝙣 𝙎𝙘𝙝𝙬𝙖𝙘𝙝𝙨𝙩𝙚𝙡𝙡𝙚 𝙞𝙣 𝙒𝙤𝙧𝙙𝙋𝙧𝙚𝙨𝙨 𝙋𝙡𝙪𝙜𝙞𝙣! 🚨

Während eines kürzlich durchgeführten Penetrationstests entdeckten Luca Greeb und Andreas Krüger eine LDAP (Lightweight Directory Access Protocol) Injection-Schwachstelle im "Active Directory Integration / LDAP Integration Login for Intranet Sites"-Plugin für #wordpress.

Die Schwachstelle wurden anschließend im Rahmen eines Responsible Disclosures an die Entwickler gemeldet.

𝗗𝗶𝗲 𝗦𝗰𝗵𝘄𝗮𝗰𝗵𝘀𝘁𝗲𝗹𝗹𝗲 𝘄𝗶𝗿𝗱 𝘂𝗻𝘁𝗲𝗿 𝗖𝗩𝗘-𝟮𝟬𝟮𝟯-𝟯𝟰𝟰𝟳 𝗴𝗲𝗳ü𝗵𝗿𝘁!

Weitere Informationen gibt es auf der Seite von WordFence: https://lnkd.in/ejmx97M8

#itsicherheit #itsecurity #cybersicherheit #cybersecurity #penetrationtest #vulnerability #responsibledisclosure

Cosa sono i Vulnerability Assessment. Un viaggio nelle scansioni automatizzate delle vulnerabilità del software

In questo articolo, esamineremo i diversi tipi di vulnerability assessment, le fasi coinvolte nella valutazione delle #vulnerabilità, gli #strumenti utilizzati per eseguire la valutazione e il #processo che generalmente viene utilizzato.

Discuteremo anche l’importanza della valutazione delle #vulnerabilità per la sicurezza delle organizzazioni e delle società e le differenze con una attività di #penetrationtest.

#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity

https://www.redhotcyber.com/post/cosa-sono-i-vulnerability-assessment-un-viaggio-nelle-scansioni-automatizzate-delle-vulnerabilita-del-software/

The Different Methods and Stages of Penetration Testing
https://thehackernews.com/2023/03/the-different-methods-and-stages-of.html #PenetrationTesting #PenetrationTest

Did a long time coming update to my PowaScripts! Repository at https://github.com/serializingme/powascripts.

Want to highlight two new scripts, one to dump BeyondTrust PowerBroker policy (rules in the policy maybe vulnerable to privilege escalation), and another to dump users' photos stored in Active Directory (useful for social engineering).

Updated the script to dump computers from Active Directory to also dump the sessions and shares of the computers (this will actively connect to the various computers and may turn out very valuable information, like the service desk hidden file share that nobody noticed was open to all the users in the domain.)

Also updated a bunch of scripts with fixes and minor improvements.

#activedirectory #powershell #penetrationtest #powerbroker #applocker

Kicsit berozsdásodtam, de csak feltörtem ezt a boxot is.

#hackthebox #htb #hacking #penetrationtest #magyar

4/30: Finding passwords

One great tool which can be used for security audits and penetration testning is DeHashed. It provides passwords that were scraped from different leaks across the Internet.

https://www.dehashed.com

🔹 Pros: Pretty reliable, great way to audit organisation policys (work account usage and password policys)
🔸​ Cons: Not free, takes sometime to add leaked passwords

At this point, it is important to point out the advantages of the tool rather than focusing on disadvantages. DeHashed is quite nice and is actually quite useful. It has helped me in several penetration tests to give me an idea of how well the organisation's policys are followed, if there are any to be followed of course. Looking at the price, especially considering that penetration tests are not carried out free of charge, it is manageable for the majority (if not all) of organisations.

#penetrationtest #securityaudit #passwords

RedHunt: #distro para simular ataques informáticos

https://blog.segu-info.com.ar/2019/04/redhunt-distro-para-simular-ataques.html

#PenetrationTest