veganism.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

#pentesting

7 posts, 6 participants, 0 posts today

Whoa. An Iranian APT group hanging out in a CNI network for *two whole years*? That’s some next-level persistence, seriously. It really drives home the point that these threat actors aren't messing around.

This is yet another stark reminder that solid security isn't just a 'nice-to-have' – it's absolutely non-negotiable. Seeing them use classic tactics like snagged VPN credentials, web shells, and backdoors might seem like standard stuff, but it's incredibly dangerous. And things get *really* critical when they start poking around Operational Technology (OT) systems.

Honestly, it baffles me why so many organizations still seem to struggle with the fundamentals. Patch management, proper network segmentation, multi-factor authentication... shouldn't these just be standard operating procedure by now?

What do you think? What are the weakest links you see in CNI security these days? Let me know your thoughts below!

Whoa, Commvault got hit?! 🤯 Wild stuff going down. Apparently, a "Nation-State Actor" is involved – definitely serious business. Looks like it targeted their Azure environment... potentially using a Zero-Day exploit (CVE-2025-3928). Yikes!

Now, Commvault *claims* no customer data was compromised, but honestly, who really knows for sure? Let's face it, backups are prime targets for these kinds of attackers. 😒

So, what should you be looking at right now?
* Definitely double-check your Conditional Access Policies for Microsoft 365/Azure AD.
* Get those Client Secrets rotated (yeah, every 90 days – seriously!).
* And keep a close watch on your Azure Sign-in Logs.

Look, I keep hammering this point home: security can't be an afterthought; it needs to be baked in from day one! Sure, automated scans have their place, but they're *no substitute* for a thorough manual pentest. That's our philosophy – we're here to actually *help* clients secure their stuff, not just push products. Your security genuinely matters to us.

What are your thoughts on cloud security these days? Got any solid tips to share with everyone here? Let us know below! 🤔
#Cybersecurity #Pentesting #CloudSecurity
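The second checklist item above (rotate client secrets every 90 days) is easy to audit mechanically. The script below is an added example, not code from the post or from Commvault or Microsoft. It assumes input shaped like Microsoft Graph `application` objects (what `GET /applications` or `az ad app list` returns), where each `passwordCredentials` entry carries `keyId`, `startDateTime` and `endDateTime`; the three app registrations in the sample are constructed placeholders.

```python
"""Flag Entra app-registration client secrets that are past a rotation window.

Added example; not code from the post. Assumes input shaped like Microsoft Graph
`application` objects (GET /applications or `az ad app list`), whose
`passwordCredentials` entries carry keyId/startDateTime/endDateTime.
The sample data below is constructed.
"""
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List

ROTATION_DAYS = 90  # the "every 90 days" rule from the post

# Constructed sample: three app registrations, placeholder appIds, not real tenants.
SAMPLE_APPS_JSON = json.dumps([
    {"displayName": "backup-connector",
     "appId": "00000000-0000-0000-0000-000000000001",
     "passwordCredentials": [
         {"keyId": "k1", "displayName": "prod",
          "startDateTime": "2024-11-01T00:00:00Z", "endDateTime": "2026-11-01T00:00:00Z"},
         {"keyId": "k0", "displayName": "old",
          "startDateTime": "2023-01-01T00:00:00Z", "endDateTime": "2024-01-01T00:00:00Z"},
     ]},
    {"displayName": "reporting-bot",
     "appId": "00000000-0000-0000-0000-000000000002",
     "passwordCredentials": [
         {"keyId": "k2", "displayName": "rotated",
          "startDateTime": "2025-04-15T00:00:00Z", "endDateTime": "2025-10-15T00:00:00Z"},
     ]},
    {"displayName": "cert-only-app",
     "appId": "00000000-0000-0000-0000-000000000003",
     "passwordCredentials": []},
])

# Fixed "now" so the sample is reproducible; the __main__ block uses the real clock.
SAMPLE_NOW = datetime(2025, 5, 1, tzinfo=timezone.utc)


def parse_graph_time(value: str) -> datetime:
    """Graph returns ISO-8601 UTC timestamps with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def stale_secrets(apps_json: str, now: datetime,
                  max_age_days: int = ROTATION_DAYS) -> List[Dict]:
    """Return one finding per still-valid secret older than max_age_days."""
    cutoff = now - timedelta(days=max_age_days)
    findings = []
    for app in json.loads(apps_json):
        for cred in app.get("passwordCredentials", []):
            start = parse_graph_time(cred["startDateTime"])
            end = parse_graph_time(cred["endDateTime"])
            if end <= now:
                continue  # already expired: cannot be used, nothing to rotate
            if start <= cutoff:
                findings.append({
                    "app": app["displayName"],
                    "appId": app["appId"],
                    "keyId": cred["keyId"],
                    "age_days": (now - start).days,
                })
    return findings


if __name__ == "__main__":
    for f in stale_secrets(SAMPLE_APPS_JSON, datetime.now(timezone.utc)):
        print(f"{f['app']} ({f['appId']}): secret {f['keyId']} is {f['age_days']} days old")
```

Expired secrets are skipped on purpose: they cannot authenticate, so they are cleanup noise rather than a rotation finding. Feeding the script a real export is a read-only operation; the output is a list of `keyId`s to rotate, which you can cross-check against the Azure sign-in logs the post mentions to see which of them are still in active use.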

Ugh, let's talk about IABs... Initial Access Brokers. Seriously, they're a massive headache right now. 😠 You've got players like ToyMaker basically acting as locksmiths, handing over the keys to ransomware gangs like CACTUS and others... It's incredibly frustrating. Honestly, as pentesters, we see the fallout from this *all the time*. 😪

And the names they use? LAGTOY, HOLERUN – they sound almost innocent, like something from a toy store, right? Don't let that fool you; it's seriously nasty malware designed to scan networks, sniff out weaknesses, and bam! Just like that, they've kicked the door in. 🚪

So, what's the takeaway here? Patch your systems, people! Please! ☝️ And just as importantly, you can't *only* rely on automated scans. They have their place, but they miss things. Regular, hands-on, manual penetration testing is absolutely key! Sure, it's an investment, but weigh that against the potential cost when everything goes sideways because of a breach... 🔥 It's a no-brainer, really.

What security fundamentals do you consider absolutely non-negotiable? Solid firewall rules? Multi-Factor Authentication (MFA)? Let me know your thoughts! 🤔

Seeing VPNs in the crosshairs again? This DslogdRAT hitting Ivanti Connect Secure is seriously bad news.

You know, it's a stark reminder: just clicking 'patch' doesn't cut it anymore. We've *really* got to dig deeper and check if attackers haven't already found a way inside *before* the patch went live.

Think about web shells – they're basically hidden backdoors. You often have to hunt for these manually. Why? Because your automated scans? Yeah, they frequently miss 'em.

And honestly, folks, penetration testing isn't just some 'nice-to-have' checkbox. For critical systems like these? It's absolutely *essential*. Non-negotiable, really.

So, how are you locking down your VPN infrastructure these days? Share your strategies!

NHIs seem to be everywhere these days! 🚀 But hang on, what does this actually *mean* for us penetration testers? 🤔

Well, it means we've got to shift our perspective. Think about it: We used to hunt for usernames and passwords. Now, the game's changed to tracking down API keys and service accounts. Good luck with that hunt! 😈

And then there are the permissions... often, they're *way* too generous. You know who loves that? Attackers! 🥳 Makes their job a whole lot easier.

Sure, automated scans have their place, but let's be real: they won't cut it alone when it comes to NHIs. 🙅‍♂️ We absolutely *have* to dig deeper and really understand the underlying logic. Otherwise, we're just scratching the surface and missing the critical flaws.

So, what kind of NHI exploits have you bumped into out there? Drop your stories below! 👇

Look, AI stepping into the security arena? Yeah, it can definitely lend a hand sometimes. But trusting it completely? Not a chance.

Honestly, these tools seem to hallucinate more wildly than my mate did after that last big convention! 😄 You know what I mean? They just make stuff up sometimes.

When push comes to shove, *real* penetration testing carried out by actual humans? Still absolutely invaluable. There's just no substitute for that expertise right now.

Of course, you often see clients chasing after the quickest, cheapest solution they can find... 🙄 It's understandable, but risky.

So, what's your take on it all? When do you reckon this initial wave of AI euphoria will actually start to settle down? Let me know what you think!

Whoa, hold up! 🤯 There's a new Linux rootkit dubbed "Curing" out in the wild, and it's got a nasty trick: leveraging `io_uring` to slip right past traditional security tools. Why? Because most of those tools are laser-focused on system calls... which `io_uring` can bypass.

So, what's the deal with `io_uring`? Picture an application chatting directly with the kernel, essentially skipping the front desk where system calls usually check in. "Curing" exploits this direct line for its command-and-control communication, leaving *none* of the usual suspicious system call footprints. Talk about stealth mode! And heads up – Google has actually been warning about the potential risks here for some time.

Speaking from a pentester's perspective, this is yet another stark reminder: just relying on "basic" security isn't going to cut it. We really need to dive deeper, get our hands dirty with kernel-level analysis and understanding. Let's be clear: running automated scans is *not* the same as a thorough penetration test!

What about you? Are you utilizing `io_uring` in your environment? What kind of security measures have you put in place around it? Seriously curious – how do you see kernel security evolving from here? Let's discuss! 👇
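One concrete, host-side check that follows from the post: because `io_uring` work is submitted through a shared ring rather than a per-operation syscall, a monitor that only hooks syscalls sees nothing, but the ring itself is still an open file descriptor. On Linux, a descriptor returned by `io_uring_setup(2)` shows up under `/proc/<pid>/fd/` as a symlink to `anon_inode:[io_uring]`, so you can inventory which processes hold one. The script below is an added example, not code from the post, from ARMO or from Google; the `SAMPLE_FD_LINKS` data is constructed.

```python
"""Inventory processes that hold an io_uring instance open.

Added example, not from the original post. Assumes a Linux /proc where an fd
created by io_uring_setup(2) is a symlink whose target is "anon_inode:[io_uring]".
Run as root to see every process; unprivileged runs only see your own.
"""
import os
from typing import Dict, Iterable, List, Tuple

IO_URING_TARGET = "anon_inode:[io_uring]"


def io_uring_holders(fd_links: Iterable[Tuple[int, str]]) -> Dict[int, int]:
    """Given (pid, fd symlink target) pairs, return {pid: number of io_uring fds}."""
    counts: Dict[int, int] = {}
    for pid, target in fd_links:
        if target == IO_URING_TARGET:
            counts[pid] = counts.get(pid, 0) + 1
    return counts


def walk_proc_fds(proc_root: str = "/proc") -> List[Tuple[int, str]]:
    """Collect (pid, symlink target) for every readable /proc/<pid>/fd/<n>."""
    links: List[Tuple[int, str]] = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except (PermissionError, FileNotFoundError):
            continue  # not our process, or it exited mid-walk
        for fd in fds:
            try:
                links.append((int(entry), os.readlink(os.path.join(fd_dir, fd))))
            except (PermissionError, FileNotFoundError):
                continue
    return links


def comm_for(pid: int, proc_root: str = "/proc") -> str:
    """Process name from /proc/<pid>/comm, or '?' if it is gone."""
    try:
        with open(f"{proc_root}/{pid}/comm") as fh:
            return fh.read().strip()
    except OSError:
        return "?"


# Constructed sample: what walk_proc_fds() might return on a small box.
SAMPLE_FD_LINKS = [
    (4242, "/dev/null"),
    (4242, "socket:[12345]"),
    (4242, IO_URING_TARGET),
    (4242, IO_URING_TARGET),
    (1337, "/var/log/syslog"),
    (1337, "anon_inode:[eventpoll]"),
]

if __name__ == "__main__":
    for pid, n in sorted(io_uring_holders(walk_proc_fds()).items()):
        print(f"pid {pid} ({comm_for(pid)}): {n} io_uring fd(s)")
```

Treat the output as a baseline, not an alert: databases, runtimes and other legitimate software use `io_uring`, so the useful signal is a process on the list that has no business being there. And since the post is about a kernel-level rootkit, remember that anything able to tamper with `/proc` can hide from this check, which is exactly the kind of gap the post's call for kernel-level analysis is about.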

So, a client hit me with this today: "Seriously, how safe *are* our Microsoft accounts?" Good question. Right now, Russian APT groups are hitting hard with some nasty social engineering, especially going after Ukraine connections. 🤯

Here’s their playbook: They're exploiting MS OAuth 2.0. You think you're just logging in normally, right? But boom – they swipe your code and get the 2FA approved. The really scary part? They're leveraging *legitimate* Microsoft services to do it! 😫

As a pentester, I see this kind of thing more often than I'd like. Honestly, even seasoned pros can get caught out. Your firewall isn't much help against this, and automated scans? They often don't catch it either. 🤷‍♂️

So, what actually makes a difference? For starters, keep a sharp eye on any new devices registered in Entra ID. Boosting your team's awareness training is crucial too. Plus, make sure your Conditional Access Policies are properly configured and enforced.

Have you seen attacks like this in the wild? Curious to hear your experiences! Share 'em below. 👇

Whoa, that Google phishing scam was pretty wild, wasn't it? 🤯 Seriously, DKIM replay *and* abusing Google Sites... somebody got *really* creative there.

Look, we all know phishing isn't new. But the ingenuity attackers are showing lately? It's genuinely getting a bit unnerving. And the real kicker? Too many companies still think a simple automated scan has their back. Spoiler: it doesn't. Catching sophisticated stuff like this often takes a proper penetration tester who knows where to look.

It's always a good feeling when we help clients spot these things before they blow up. Honestly, though, security really needs to be driven from the top and actually get the budget it deserves.

Makes you think, huh? How long 'til we see the first wave of AI-driven phishing attacks that are *scarily* good? Gives me the chills!

Watch out with your Azure Automation Account / Runbooks.

  • they often include hard-coded credentials
  • their output is not protected, so attackers can see your results
  • they can use Shared Resources (i.e. credentials or certificates)
  • Hybrid Worker and Azure Arc allow access to your on-premises infrastructure

Dangerous stuff if not managed correctly!
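The first bullet above (hard-coded credentials in runbooks) is the one you can check before a runbook ever ships. The script below is an added example, not code from the post or from Microsoft: a small heuristic scan over PowerShell runbook source that flags string literals sitting where a secret should not be, and notes whether the runbook uses the Automation credential asset or a managed identity instead. The pattern list and the sample runbook text are constructed; this is not a complete secret scanner.

```python
"""Heuristic scan of a PowerShell runbook for hard-coded credentials.

Added example, not from the original post. Patterns are a constructed
heuristic; the sample runbook is constructed too. No Azure access needed.
"""
import re
from typing import List, Tuple

# (finding name, regex) pairs; each matches a string literal in a credential position.
PATTERNS = [
    ("plaintext SecureString",
     re.compile(r'ConvertTo-SecureString\s+["\'][^"\']+["\']\s+-AsPlainText', re.I)),
    ("literal password argument",
     re.compile(r'-(?:Password|ClientSecret|Secret|ApplicationSecret)\s+["\'][^"\']+["\']', re.I)),
    ("assigned password variable",
     re.compile(r'\$\w*(?:pass|pwd|secret|token)\w*\s*=\s*["\'][^"\']+["\']', re.I)),
    ("connection string with password",
     re.compile(r'Password=[^;"\']+', re.I)),
]

# Ways a runbook should obtain credentials instead of embedding them.
SAFE_PATTERNS = [
    re.compile(r'Get-AutomationPSCredential', re.I),
    re.compile(r'Connect-AzAccount\s+-Identity', re.I),
]


def scan_runbook(source: str) -> List[Tuple[int, str, str]]:
    """Return (line number, finding name, stripped line) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # comments are not executed
        for name, rx in PATTERNS:
            if rx.search(line):
                findings.append((lineno, name, line.strip()))
                break  # one finding per line is enough
    return findings


def uses_credential_assets(source: str) -> bool:
    """True if the runbook pulls credentials from Automation assets or managed identity."""
    return any(rx.search(source) for rx in SAFE_PATTERNS)


# Constructed sample runbook: the literals here are fake, not real secrets.
SAMPLE_RUNBOOK = '''\
# Nightly cleanup runbook (constructed sample)
$tenant = "contoso.onmicrosoft.com"
$secret = "hunter2-not-a-real-secret"
$sec = ConvertTo-SecureString "P@ssw0rd!" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("svc-backup", $sec)
Connect-AzAccount -ServicePrincipal -Credential $cred -Tenant $tenant
$conn = "Server=db01;Database=inv;User Id=sa;Password=sa123;"
# Safer: pull from the Automation credential asset, or use the managed identity
$good = Get-AutomationPSCredential -Name "svc-backup"
Connect-AzAccount -Identity
'''

if __name__ == "__main__":
    for lineno, name, text in scan_runbook(SAMPLE_RUNBOOK):
        print(f"line {lineno}: {name}: {text}")
    print("uses credential assets / managed identity:", uses_credential_assets(SAMPLE_RUNBOOK))
```

Run it over exported runbook source (for example what `Export-AzAutomationRunbook` writes out) as a pre-commit or pipeline step. A hit on line 3, 4 or 7 of the sample is the kind of thing that, per the second bullet, also ends up readable in job output if the runbook ever echoes its variables, so the fix is both to move the secret into a credential asset or managed identity and to review what the runbook prints.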