🚨 Patch now! 🚨
🚨 […] Security finds LDAP injection vulnerability in WordPress plugin! 🚨
During a recently conducted penetration test, Luca Greeb and Andreas Krüger discovered an LDAP (Lightweight Directory Access Protocol) injection vulnerability in the "Active Directory Integration / LDAP Integration Login for Intranet Sites" plugin for #wordpress.
The vulnerability was subsequently reported to the developers as part of a responsible disclosure.
The vulnerability is tracked as CVE-2023-3447!
Further information is available on the WordFence page: https://lnkd.in/ejmx97M8
#itsicherheit #itsecurity #cybersicherheit #cybersecurity #penetrationtest #vulnerability #responsibledisclosure
#wordpress #itsicherheit #itsecurity #cybersicherheit #cybersecurity #penetrationtest #vulnerability #responsibledisclosure
What Vulnerability Assessments are. A journey through automated software vulnerability scanning
In this article, we will examine the different types of vulnerability assessment, the stages involved in assessing #vulnerabilities, the #tools used to carry out the assessment, and the #process that is generally followed.
We will also discuss the importance of vulnerability assessment for the security of organisations and companies, and how it differs from a #penetrationtest.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
#vulnerabilità #strumenti #processo #penetrationtest #redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #CyberSecurityAwareness #cybersecuritytraining #CyberSecurityNews #privacy #infosecurity
The Different Methods and Stages of Penetration Testing
https://thehackernews.com/2023/03/the-different-methods-and-stages-of.html #PenetrationTesting #PenetrationTest
#penetrationtest #penetrationtesting
Did a long time coming update to my PowaScripts! Repository at https://github.com/serializingme/powascripts.
Want to highlight two new scripts, one to dump BeyondTrust PowerBroker policy (rules in the policy may be vulnerable to privilege escalation), and another to dump users' photos stored in Active Directory (useful for social engineering).
Updated the script to dump computers from Active Directory to also dump the sessions and shares of the computers (this will actively connect to the various computers and may turn up very valuable information, like the service desk hidden file share that nobody noticed was open to all the users in the domain).
Also updated a bunch of scripts with fixes and minor improvements.
#activedirectory #powershell #penetrationtest #powerbroker #applocker
I've gotten a bit rusty, but I managed to crack this box too after all.
#hackthebox #htb #hacking #penetrationtest #magyar
4/30: Finding passwords
One great tool which can be used for security audits and penetration testing is DeHashed. It provides passwords that were scraped from different leaks across the Internet.
🔹 Pros: Pretty reliable, great way to audit organisation policies (work account usage and password policies)
🔸 Cons: Not free, takes some time to add leaked passwords
At this point, it is important to point out the advantages of the tool rather than focusing on disadvantages. DeHashed is quite nice and is actually quite useful. It has helped me in several penetration tests to give me an idea of how well the organisation's policies are followed, if there are any to be followed of course. Looking at the price, especially considering that penetration tests are not carried out free of charge, it is manageable for the majority (if not all) of organisations.
#penetrationtest #securityaudit #passwords
RedHunt: #distro for simulating cyber attacks
https://blog.segu-info.com.ar/2019/04/redhunt-distro-para-simular-ataques.html