Laokoon SecurITy · @lsec
3 followers · 15 posts · Server ioc.exchange

๐Ÿšจ ๐™‹๐™–๐™ฉ๐™˜๐™ ๐™ฃ๐™ค๐™ฌ! ๐Ÿšจ
๐Ÿšจ ๐™‡๐™–๐™ค๐™ ๐™ค๐™ค๐™ฃ ๐™Ž๐™š๐™˜๐™ช๐™ง๐™ž๐™ฉ๐™ฎ ๐™›๐™ž๐™ฃ๐™™๐™š๐™ฉ ๐™‡๐˜ฟ๐˜ผ๐™‹-๐™„๐™ฃ๐™Ÿ๐™š๐™˜๐™ฉ๐™ž๐™ค๐™ฃ ๐™Ž๐™˜๐™๐™ฌ๐™–๐™˜๐™๐™จ๐™ฉ๐™š๐™ก๐™ก๐™š ๐™ž๐™ฃ ๐™’๐™ค๐™ง๐™™๐™‹๐™ง๐™š๐™จ๐™จ ๐™‹๐™ก๐™ช๐™œ๐™ž๐™ฃ! ๐Ÿšจ

During a recent penetration test, Luca Greeb and Andreas Krüger discovered an LDAP (Lightweight Directory Access Protocol) injection vulnerability in the "Active Directory Integration / LDAP Integration Login for Intranet Sites" plugin for WordPress.

The vulnerability was subsequently reported to the developers as part of a responsible disclosure.

๐——๐—ถ๐—ฒ ๐—ฆ๐—ฐ๐—ต๐˜„๐—ฎ๐—ฐ๐—ต๐˜€๐˜๐—ฒ๐—น๐—น๐—ฒ ๐˜„๐—ถ๐—ฟ๐—ฑ ๐˜‚๐—ป๐˜๐—ฒ๐—ฟ ๐—–๐—ฉ๐—˜-๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฏ-๐Ÿฏ๐Ÿฐ๐Ÿฐ๐Ÿณ ๐—ด๐—ฒ๐—ณรผ๐—ต๐—ฟ๐˜!

More information is available on the Wordfence page: lnkd.in/ejmx97M8

#wordpress #itsicherheit #itsecurity #cybersicherheit #cybersecurity #penetrationtest #vulnerability #responsibledisclosure

Last updated 1 year ago

Redhotcyber · @redhotcyber
463 followers · 879 posts · Server mastodon.bida.im

What vulnerability assessments are. A journey through automated scanning for software vulnerabilities

In this article, we will examine the different types of vulnerability assessment, the phases involved in assessing vulnerabilities, the tools used to perform the assessment, and the process that is generally followed.

We will also discuss the importance of vulnerability assessment for the security of organizations and companies, and how it differs from a penetration test.

redhotcyber.com/post/cosa-sono

#vulnerabilità #strumenti #processo #penetrationtest #redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #CyberSecurityAwareness #cybersecuritytraining #CyberSecurityNews #privacy #infosecurity

Last updated 2 years ago

Duarte Silva · @serializingme
64 followers · 160 posts · Server infosec.exchange

Did a long-time-coming update to my PowaScripts! Repository at github.com/serializingme/powas.

Want to highlight two new scripts, one to dump BeyondTrust PowerBroker policy (rules in the policy may be vulnerable to privilege escalation), and another to dump users' photos stored in Active Directory (useful for social engineering).

Updated the script to dump computers from Active Directory to also dump the sessions and shares of the computers (this will actively connect to the various computers and may turn up very valuable information, like the service desk hidden file share that nobody noticed was open to all the users in the domain).

Also updated a bunch of scripts with fixes and minor improvements.

#activedirectory #powershell #penetrationtest #powerbroker #applocker

Last updated 2 years ago

Pitypangharcos · @pitypangharcos
77 followers · 75 posts · Server masto.ai

I've gotten a bit rusty, but I still managed to crack this box too.

#hackthebox #htb #hacking #penetrationtest #magyar

Last updated 2 years ago

gucci 🪂 · @gucci
-1 followers · 18 posts · Server infosec.exchange

4/30: Finding passwords

One great tool which can be used for security audits and penetration testing is DeHashed. It provides passwords that were scraped from different leaks across the Internet.

dehashed.com

🔹 Pros: Pretty reliable, great way to audit organisation policies (work account usage and password policies)
🔸 Cons: Not free, takes some time to add leaked passwords

At this point, it is important to point out the advantages of the tool rather than focusing on disadvantages. DeHashed is quite nice and is actually quite useful. It has helped me in several penetration tests to give me an idea of how well the organisation's policies are followed, if there are any to be followed of course. Looking at the price, especially considering that penetration tests are not carried out free of charge, it is manageable for the majority (if not all) of organisations.

#penetrationtest #securityaudit #passwords

Last updated 2 years ago