Lenin alevski 🕵️💻<p>How can a DNS mail record be used to trick you into giving up your login credentials? 📨😕</p><p>Researchers at Infoblox have identified a phishing-as-a-service (PhaaS) platform called Morphing Meerkat that’s been quietly operating for over five years. What makes it notable is its use of DNS MX (Mail Exchange) records in ways rarely reported before. Instead of the usual static phishing page setups, Morphing Meerkat queries the victim’s email provider’s MX record—using DNS-over-HTTPS via Google or Cloudflare—to tailor the phishing page dynamically. This means victims are shown spoofed login interfaces that mimic the exact service they use, complete with matching branding and pre-filled email fields.</p><p>The platform supports more than 114 brand templates and uses obfuscated JavaScript to evade detection. It also includes built-in translation capabilities based on browser profile or geolocation, making the fake login pages appear native to the user's language. Earlier versions began in 2020 targeting just five email services (Gmail, Outlook, Yahoo, AOL, Office 365). By mid-2023, they could generate phishing pages dynamically using MX records and now operate in over a dozen languages.</p><p>Morphing Meerkat campaigns rely on a set of centralized email servers, primarily hosted by UK ISP iomart and US-based HostPapa, indicating a coordinated infrastructure rather than a loose network of attackers. The phishing emails often impersonate trusted services—banks, shipping companies, etc.—and are distributed using compromised WordPress sites, open redirects from platforms like Google’s DoubleClick, and embedded links in shortened URLs.</p><p>Once a user submits credentials, the system may display a fake “Invalid Password” error to lure them into re-entering data, after which they are redirected to the real login page. This not only reduces suspicion but also increases the chance of capturing correct credentials. Stolen data is sent back via AJAX, PHP scripts, or Telegram bots, sometimes with evidence removed in real-time.</p><p>This operation shows a deep understanding of modern security blind spots—including how content delivery and DNS infrastructure can be turned against end users.</p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cybersecuritycareer</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴☠️</p>
Recent searches
No recent searches
Search options
Only available when logged in.
pawb.fun is one of the many independent Mastodon servers you can use to participate in the fediverse.
This instance aimed at any and all within the furry fandom, though anyone is welcome! We're friendly towards members of the LGBTQ+ community and aiming to offer a safe space for our users.
Administered by:
Server stats:
304active users
pawb.fun: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7+glitch
#redteam
1 post · 1 participant · 0 posts today
Bill<p>Hey @viss see this? CISA says you're wrong!</p><p><a href="https://www.theregister.com/2025/03/13/cisa_red_team_layoffs/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">theregister.com/2025/03/13/cis</span><span class="invisible">a_red_team_layoffs/</span></a></p><p><a href="https://infosec.exchange/tags/cisa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cisa</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a></p>
0ddj0bb Is At Cyphercon<p>Hey <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> and <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentest</span></a> ers, what security controlsnon endpoints and servers make your life miserable on an engagement? </p><p>App allow listing? <br>DEP?<br>Powershell execution policies?<br>Hostbased firewall?</p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyber</span></a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dfir</span></a></p>
Max Maass :donor:<p>Last week, I finally finished my writeup of a vulnerability based on a misuse of <a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cryptography</span></a> that we found a while back in a penetration test. It's my favorite vulnerability so far, as it relies on abusing basic properties of unauthenticated encryption and shows, in a real-world scenario, how such seemingly theoretical issues can compromise an entire system. In the end, it's a teachable moment about both cryptography and secure software architecture.</p><p>I had the draft lying around for more than a year, but reading the articles by <span class="h-card" translate="no"><a href="https://furry.engineer/@soatok" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>soatok</span></a></span> finally reminded me that I should really wrap this up and post it. So, here it is: <a href="https://blog.maass.xyz/encryption-isnt-enough-compromising-a-payment-processor-using-math" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.maass.xyz/encryption-isnt</span><span class="invisible">-enough-compromising-a-payment-processor-using-math</span></a></p><p><a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a> <a href="https://infosec.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeam</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/SoftwareArchitecture" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SoftwareArchitecture</span></a></p>
[𝚜𝚒𝚍𝚗𝚎𝚢𝚜𝟷@~/𝚜𝚛𝚌]$:blinking_cursor:<p>-new year, new job, new intro-</p><p>Hello! I'm a <a href="https://infosec.exchange/tags/millennial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>millennial</span></a> husband and dad of two (I post about that a fair bit). I'm also a cybersecurity researcher and developer currently working for <a href="https://infosec.exchange/tags/Amazon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Amazon</span></a> Internal Audit Security. Previously I worked as a member of the <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS</span></a> Red Team, and before that at a <a href="https://infosec.exchange/tags/DoD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DoD</span></a> <a href="https://infosec.exchange/tags/contractor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>contractor</span></a> doing R&D on cyber <a href="https://infosec.exchange/tags/tooling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tooling</span></a> (incident response, deception, some <a href="https://infosec.exchange/tags/DARPA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DARPA</span></a> efforts, etc.), as well as taking part on a <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> at the National Cyber Range.</p><p>I write when I can about things that interest me at Sidneys1.com. Topics range from (mostly) programming to computer tips and tricks or even book and game reviews.</p><p>I also dabble in <a href="https://infosec.exchange/tags/vintagecomputing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vintagecomputing</span></a> - I try to focus on the late-90's early-00's era machines that I grew up with, which I find to be an underrepresented niche.</p><p><a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>introduction</span></a></p>
Martin Boller 🇺🇦 :tux: :freebsd: :windows: :mastodon:<p>Wondering what percentage of legitimate websites are using LetsEncrypt - guessing it will be quite significant, but do anyone have any pre-processed figures.</p><p>Wouldn't you actually blend in more these days using a letsencrypt cert? (for Red Teaming)</p><p><a href="https://infosec.exchange/tags/LazyFediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LazyFediverse</span></a> <a href="https://infosec.exchange/tags/LetsEncrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LetsEncrypt</span></a> <a href="https://infosec.exchange/tags/Percentage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Percentage</span></a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a></p>
Stormy Daniels<p><a href="https://bird.makeup/users/hackinarticles/statuses/1874339769649414221" rel="nofollow noopener noreferrer" target="_blank">bird.makeup/users/hackin...</a>
Privacy Protection Tools Cheat Sheet
🔴⚫️Full HD Image: <a href="https://t.co/hdGaoiMEqC" rel="nofollow noopener noreferrer" target="_blank">t.co/hdGaoiMEqC</a>
<a href="https://bsky.app/search?q=%23infosec" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://bsky.app/search?q=%23cybersecurity" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://bsky.app/search?q=%23pentesting" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://bsky.app/search?q=%23redteam" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://bsky.app/search?q=%23informationsecurity" rel="nofollow noopener noreferrer" target="_blank">#informationsecurity</a> <a href="https://bsky.app/search?q=%23CyberSec" rel="nofollow noopener noreferrer" target="_blank">#CyberSec</a> <a href="https://bsky.app/search?q=%23networking" rel="nofollow noopener noreferrer" target="_blank">#networking</a> <a href="https://bsky.app/search?q=%23networksecurity" rel="nofollow noopener noreferrer" target="_blank">#networksecurity</a> <a href="https://bsky.app/search?q=%23infosecurity" rel="nofollow noopener noreferrer" target="_blank">#infosecurity</a> <a href="https://bsky.app/search?q=%23cyberattacks" rel="nofollow noopener noreferrer" target="_blank">#cyberattacks</a> <a href="https://bsky.app/search?q=%23security" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://bsky.app/search?q=%23linux" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://bsky.app/search?q=%23cybersecurityawareness" rel="nofollow noopener noreferrer" target="_blank">#cybersecurityawareness</a> <a href="https://bsky.app/search?q=%23bugbounty" rel="nofollow noopener noreferrer" target="_blank">#bugbounty</a> <a href="https://bsky.app/search?q=%23bugbountytips" rel="nofollow noopener noreferrer" target="_blank">#bugbountytips</a></p>
Scratch Monkey BLU3<p>Good day netizens. Blue has returned after 10 years in tech, once again on the job hunt. I have worked a variety of roles from hands-on computer repair to NOC tech to Sys admin and more. In that time, I have accrued several certifications including the <a href="https://hackers.town/tags/Swimlane" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Swimlane</span></a> Certified <a href="https://hackers.town/tags/SOAR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SOAR</span></a> Administrator, <a href="https://hackers.town/tags/CompTIA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CompTIA</span></a> <a href="https://hackers.town/tags/Network" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Network</span></a>+, <a href="https://hackers.town/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a>+, <a href="https://hackers.town/tags/Pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentest</span></a>+, <a href="https://hackers.town/tags/CertifiedNetworkVulnerabilityProfessional" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CertifiedNetworkVulnerabilityProfessional</span></a>, and <a href="https://hackers.town/tags/CASP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CASP</span></a>+. I'm currently looking for <a href="https://hackers.town/tags/remotework" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>remotework</span></a> for anywhere in the <a href="https://hackers.town/tags/US" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>US</span></a> . I'm targeting <a href="https://hackers.town/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> roles, since that is what I am passionate about and my certifications are focused in, but I am also open to other IT roles such as software engineer, dev ops, etc. I'm a <a href="https://hackers.town/tags/transgender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>transgender</span></a> woman trying to provide for her <a href="https://hackers.town/tags/LGBTQIA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LGBTQIA</span></a> family and any pay would greatly help us make ends meet as we try to survive in this refuge state where the cost of living is so much higher than back home. Boosts and sharing is welcome, thanks for your time and help. <a href="https://hackers.town/tags/getfedihired" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>getfedihired</span></a> <a href="https://hackers.town/tags/breakingintoinfosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>breakingintoinfosec</span></a> <a href="https://hackers.town/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://hackers.town/tags/informationtechnology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>informationtechnology</span></a> <a href="https://hackers.town/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysadmin</span></a> <a href="https://hackers.town/tags/netadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>netadmin</span></a> <a href="https://hackers.town/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://hackers.town/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentest</span></a></p>
Jonathan Birch<p>Apparently I am getting one more <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CVE</span></a> this year, and this one is kind of cool :)</p><p>Earlier this year, I found a critical vulnerability in the Microsoft Update Catalog (<a href="https://catalog.update.microsoft.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">catalog.update.microsoft.com</span><span class="invisible"></span></a> ). This is the site where you go to download individual update packages for Microsoft products.</p><p>I <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> for <a href="https://infosec.exchange/tags/microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>microsoft</span></a> and I pulled off that exploit as part of my normal work. Previously Microsoft hasn't issued CVE's for service vulnerabilities, but now as part of the expanded Secure Future Initiative, critical vulnerabilities in Microsoft service get CVE's. I think 9.3/8.4 is the highest CVSS I've ever gotten.</p><p>This is a "no action" CVE, because there's nothing for you do to make yourself safer. Microsoft already patched the service.</p><p>I don't know if I can say more about the exploit than what's in the official disclosure. You can read that here:<br><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49147" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">msrc.microsoft.com/update-guid</span><span class="invisible">e/vulnerability/CVE-2024-49147</span></a></p><p><a href="https://infosec.exchange/tags/cve_2024_49147" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve_2024_49147</span></a></p>
serious business :donor: :heart_cyber:<p>lol <br>lmao</p><p>Sauce: <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-326a" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cisa.gov/news-events/cybersecu</span><span class="invisible">rity-advisories/aa24-326a</span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/cisa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cisa</span></a></p>
Martin Boller 🇺🇦 :tux: :freebsd: :windows: :mastodon:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@hack_lu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>hack_lu</span></a></span> thanks for an awesome conference, keep up the <strong>FANTASTIC</strong> work you all do.</p><p>Here's the ramblings of a tired old man who loved being there.</p><p><a href="https://www.infosecworrier.dk/blog/2024/10/hacklu2024.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">infosecworrier.dk/blog/2024/10</span><span class="invisible">/hacklu2024.html</span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@ministraitor" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ministraitor</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@claushoumann" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>claushoumann</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@grumpy4n6" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>grumpy4n6</span></a></span> (let's go together 2025) <a href="https://infosec.exchange/tags/hacklu2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacklu2024</span></a> <a href="https://infosec.exchange/tags/Cryptography" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cryptography</span></a> <a href="https://infosec.exchange/tags/Defender" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Defender</span></a> <a href="https://infosec.exchange/tags/Attacker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Attacker</span></a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a> <a href="https://infosec.exchange/tags/KubeHound" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KubeHound</span></a> <a href="https://infosec.exchange/tags/Copilot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Copilot</span></a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://infosec.exchange/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeam</span></a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> <a href="https://infosec.exchange/tags/Kunai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kunai</span></a> <a href="https://infosec.exchange/tags/Zeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zeek</span></a> <a href="https://infosec.exchange/tags/Galah" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Galah</span></a></p>
Mike Sheward<p>Mini Pen Test Diaries Story:</p><p>The target of the test was an enterprise web app, designed to be hosted and accessed from within a trusted network - like an enterprise LAN. Most customers would login to the app with SSO, or AD-integrated authentication, but it also supported a local login mechanism, so it could have its own accounts.</p><p>Although this app was designed to never go near the dirty dirty internet, we all know how companies be, so as part of the test, I decided to go looking around for any instances of it that may be out there. Plan wasn't to test them of course, not in scope, but I was curious to see how this software was actually being deployed in the real world.</p><p>After about 15 seconds on Shodan, I found dozens of instances of this thing out there on the Internet. From the screenshots of the login page, I could see that all of them were in local authentication mode - meaning, no third party or federated auth was being used.</p><p>I raised this as a finding in the report, mentioning that, "hey, although this isn't directly your issue, there are plenty of examples of your customers using your app like this, so...perhaps consider adding MFA to the local authentication provider, to add that layer of protection to the app? Lest one of your customers expose themselves in the same way that so many apparently have done so."</p><p>At report review time, the dev team was furious about this finding - "why, would you put this finding in our pentest report? It's not our issue whatsoever!"</p><p>So I calmly explained to them, "you're correct, not your direct issue, but you're the folks in the best position to fix it, right? The customers can't add MFA to your code, and clearly theres a reason your customers keep putting these things on the Internet? Have you asked them about it?" </p><p>They still weren't convinced at all. </p><p>Now, I've been doing this for a while, so used to push back from dev teams on certain things occasionally, but you know, this one seemed like a no-brainer, really.</p><p>I asked, who's gonna get the blame when these things get compromised by cred stuffing?</p><p>Who's IP is out there for other malicious actors to find and play with?</p><p>But still, they weren't having it.</p><p>There's no real magical ending to this one unfortunately. The software sits out there to this day, no MFA to be seen. But this one is a perfect example of why we often find ourselves in the situations we do in this industry.</p><p>An unwillingness to just do the right thing, simply because doing that thing doesn't exactly fall within your direct purview. </p><p>Even if, in this example, you didn't want to do MFA - just take the finding, and go ask your customers to take their instances of the internet. Be proactive. It would give your account execs a reason to talk to customers - they'd love it. </p><p>It's not always this way, but when it is, you can very easily understand the chain of decisions that lead to a number of the major breaches we seen on a daily basis. Don't be like these devs, think outside of the box. Or LAN, I suppose.</p><p>Want to read more, slightly less mini stories like this: <a href="https://infosecdiaries.com" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">infosecdiaries.com</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a></p>
Bill<p>Burp Suite is all of a sudden leaving a dozen temp files out every time I close. Sometimes there are one, or two when I open it in the morning, these days it's more like 12 or 14 every time.</p><p>Anyone else seeing that?</p><p><a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>appsec</span></a></p>
Feu d'jais 🥑<p>J'ai regardé une vidéo récemment, le gars disait avoir "plein d'adresses IP à disposition". Pour faire des tests, faire tourner des bots. Et je me demande comment ça marche ? Combien ça coûte ? Qui lui fournit ce service ?</p><p><a href="https://eldritch.cafe/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Sysadmin</span></a> <a href="https://eldritch.cafe/tags/Pentester" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pentester</span></a> <a href="https://eldritch.cafe/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a></p>
Jeremi M Gosney :verified:<p>Team <a href="https://infosec.exchange/tags/Hashcat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hashcat</span></a> is pleased to present our much anticipated write-up for this year's <a href="https://infosec.exchange/tags/CrackMeIfYouCan" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CrackMeIfYouCan</span></a> contest at <a href="https://infosec.exchange/tags/Defcon32" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Defcon32</span></a> </p><p>📕 Read it here:<br><a href="https://raw.githubusercontent.com/hashcat/team-hashcat/8a72d338660cc6d8f4f8014bd8e3236f8c59cd6e/CMIYC2024/CMIYC2024TeamHashcatWriteup.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">raw.githubusercontent.com/hash</span><span class="invisible">cat/team-hashcat/8a72d338660cc6d8f4f8014bd8e3236f8c59cd6e/CMIYC2024/CMIYC2024TeamHashcatWriteup.pdf</span></a></p><p><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> <a href="https://infosec.exchange/tags/passwordcracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwordcracking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/ctf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ctf</span></a> <a href="https://infosec.exchange/tags/defcon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>defcon</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Xavier Ashe :donor:<p>TIL that most honeypots accept NULL passwords, while normal OpenSSH configs will kick you out. Easy <a href="https://infosec.exchange/tags/honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>honeypot</span></a> detection. <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a></p>
Deviant Ollam<p>It's fun to walk around the Black Hat expo floor and just see an endless parade of companies whose datacenters we've broken into. 😁</p><p>(It's also extra fun to have a career where I can openly admit this and I'm not confessing to a felony. We have exceptional lives, those of us in this industry.) 💚</p><p><a href="https://defcon.social/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RedTeam</span></a></p>
Tinker ☀️<p>There is something so satisfying in kicking off an entire RFC1918 scan.</p><p>Doing a single port at a brisk but safe (for my environment) pace.</p><p>~/# nmap -Pn -n -p <single port number> -T4 --open 10.0.0.0/8</p><p>~/# nmap -Pn -n -p <single port number> -T4 --open 172.16.0.0/12</p><p>~/# nmap -Pn -n -p <single port number> -T4 --open 192.168.0.0/16</p><p>(command broken out for dramatic effect - also note that I break out each of those CIDRs into /24's so that if anything breaks, I can pick up easier where the last known good ended. It's scripted and I prefer it this way.)</p><p>I am not doing a ping sweep or a DNS resolution. I'm assuming all hosts are up. And I'm looking for every host with a single port open. So even if they dont respond to pings (or something is preventing pings), I should get an answer back.</p><p>Note, I could certainly do faster (T5 or masscan, gawd) - but this is about as fast as I'm going to do in my environment and still be safe.</p><p>Also, only looking for open ports right now - no fingerprinting yet.</p><p>A cool thing about this approach is many intrusion detection still will only look for multiple ports on a single host to trigger an alert. Some still ignore many hosts / single port scans (to their detriment). </p><p>We've long sense purple teamed this, so I sent a notification to SOC letting them know my actions and asking them nicely (I bribed them last week) to not stop me, lol.</p><p>Should take a couple weeks to a month at this pace and in my environment to hit every single one of the just shy of 18,000,000 hosts 😂 </p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/penetrationtesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>penetrationtesting</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/intrusionDetection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>intrusionDetection</span></a></p>
Tinker ☀️<p>Ok. I think I've given them enough of a rest...</p><p>The greater security team asked me to chill for a bit because they were overloaded with findings. That makes perfect sense. I gave them enough to chew on and I try to rotate findings that various teams can work on.</p><p>This one specific team remediated a lot of my findings. It took a long time and they worked very hard and worked with multiple multiple multiple ops teams to get it done. </p><p>And I gave them ample time to rest afterwards. I announced their success to the CISO and give them major kudos.</p><p>But I'm about to be that guy who rewards good work with more work.</p><p>I'm going to do the dreaded "Full Security Audit".</p><p>I think I'll stretch before I send off these initial enumeration scans. I've got my custom scripts ready. I might step out to buy an energy drink.</p><p>Eris damned, even the anticipation has my dopamine and adrenaline flowing.</p><p><a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/redTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redTeam</span></a> <a href="https://infosec.exchange/tags/penetrationTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>penetrationTesting</span></a> <a href="https://infosec.exchange/tags/penTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>penTesting</span></a></p>
DEFCON 201<p>Over the course of the next few weeks, <a href="https://hostux.social/tags/hackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hackers</span></a> virtually around the world will be reaching the next lvl sk177z at <br><span class="h-card" translate="no"><a href="https://infosec.exchange/@ringzer0" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ringzer0</span></a></span>!</p><p>Find out how at the <a href="https://hostux.social/tags/DCG201" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DCG201</span></a> <a href="https://hostux.social/tags/HackerSummerCamp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HackerSummerCamp</span></a> 2024 Guide for <a href="https://hostux.social/tags/ringzer0" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ringzer0</span></a> <a href="https://hostux.social/tags/DOUBLEDOEN24" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DOUBLEDOEN24</span></a>: <a href="https://defcon201.medium.com/hacker-summer-camp-2024-guides-part-eight-doubledown24-by-ringzer0-3b36a9241553" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">defcon201.medium.com/hacker-su</span><span class="invisible">mmer-camp-2024-guides-part-eight-doubledown24-by-ringzer0-3b36a9241553</span></a></p><p><span class="h-card" translate="no"><a href="https://defcon.social/@defcon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>defcon</span></a></span> <a href="https://hostux.social/tags/bhusa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bhusa</span></a> <a href="https://hostux.social/tags/blackhat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blackhat</span></a> <a href="https://hostux.social/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>redteam</span></a> <a href="https://hostux.social/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>blueteam</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload