
Hey @viss see this? CISA says you're wrong!
https://www.theregister.com/2025/03/13/cisa_red_team_layoffs/

Last week, I finally finished my writeup of a vulnerability based on a misuse of #Cryptography that we found a while back in a penetration test. It's my favorite vulnerability so far, as it relies on abusing basic properties of unauthenticated encryption and shows, in a real-world scenario, how such seemingly theoretical issues can compromise an entire system. In the end, it's a teachable moment about both cryptography and secure software architecture.
I had the draft lying around for more than a year, but reading the articles by @soatok finally reminded me that I should really wrap this up and post it. So, here it is: https://blog.maass.xyz/encryption-isnt-enough-compromising-a-payment-processor-using-math
#introduction post!
-new year, new job, new intro-
Hello! I'm a #millennial husband and dad of two (I post about that a fair bit). I'm also a cybersecurity researcher and developer currently working for #Amazon Internal Audit Security. Previously I worked as a member of the #AWS Red Team, and before that at a #DoD #contractor doing R&D on cyber #tooling (incident response, deception, some #DARPA efforts, etc.), as well as taking part on a #redteam at the National Cyber Range.
I write when I can about things that interest me at Sidneys1.com. Topics range from (mostly) programming to computer tips and tricks or even book and game reviews.
I also dabble in #vintagecomputing - I try to focus on the late-'90s / early-'00s era machines that I grew up with, which I find to be an underrepresented niche.
Wondering what percentage of legitimate websites are using LetsEncrypt - guessing it will be quite significant, but does anyone have any pre-processed figures?
Wouldn't you actually blend in more these days using a letsencrypt cert? (for Red Teaming)
Privacy Protection Tools Cheat Sheet
Full HD Image: t.co/hdGaoiMEqC
#infosec #cybersecurity #pentesting #redteam #informationsecurity #CyberSec #networking #networksecurity #infosecurity #cyberattacks #security #linux #cybersecurityawareness #bugbounty #bugbountytips
Urgently seeking work, please boost
Good day netizens. Blue has returned after 10 years in tech, once again on the job hunt. I have worked a variety of roles from hands-on computer repair to NOC tech to Sys admin and more. In that time, I have accrued several certifications including the #Swimlane Certified #SOAR Administrator, #CompTIA #Network+, #Security+, #Pentest+, #CertifiedNetworkVulnerabilityProfessional, and #CASP+. I'm currently looking for #remotework for anywhere in the #US. I'm targeting #cybersecurity roles, since that is what I am passionate about and my certifications are focused in, but I am also open to other IT roles such as software engineer, dev ops, etc. I'm a #transgender woman trying to provide for her #LGBTQIA family and any pay would greatly help us make ends meet as we try to survive in this refuge state where the cost of living is so much higher than back home. Boosts and sharing are welcome, thanks for your time and help. #getfedihired #breakingintoinfosec #infosec #informationtechnology #sysadmin #netadmin #redteam #pentest
Apparently I am getting one more #CVE this year, and this one is kind of cool :)
Earlier this year, I found a critical vulnerability in the Microsoft Update Catalog (https://catalog.update.microsoft.com ). This is the site where you go to download individual update packages for Microsoft products.
I #redteam for #microsoft and I pulled off that exploit as part of my normal work. Previously Microsoft hasn't issued CVEs for service vulnerabilities, but now as part of the expanded Secure Future Initiative, critical vulnerabilities in Microsoft services get CVEs. I think 9.3/8.4 is the highest CVSS I've ever gotten.
This is a "no action" CVE, because there's nothing for you to do to make yourself safer. Microsoft already patched the service.
I don't know if I can say more about the exploit than what's in the official disclosure. You can read that here:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49147
@hack_lu thanks for an awesome conference, keep up the FANTASTIC work you all do.
Here's the ramblings of a tired old man who loved being there.
https://www.infosecworrier.dk/blog/2024/10/hacklu2024.html
@ministraitor @claushoumann @grumpy4n6 (let's go together 2025) #hacklu2024 #Cryptography #Defender #Attacker #RedTeam #KubeHound #Copilot #Microsoft #BlueTeam #OT #Kunai #Zeek #Galah
Mini Pen Test Diaries Story:
The target of the test was an enterprise web app, designed to be hosted and accessed from within a trusted network - like an enterprise LAN. Most customers would login to the app with SSO, or AD-integrated authentication, but it also supported a local login mechanism, so it could have its own accounts.
Although this app was designed to never go near the dirty dirty internet, we all know how companies be, so as part of the test, I decided to go looking around for any instances of it that may be out there. Plan wasn't to test them of course, not in scope, but I was curious to see how this software was actually being deployed in the real world.
After about 15 seconds on Shodan, I found dozens of instances of this thing out there on the Internet. From the screenshots of the login page, I could see that all of them were in local authentication mode - meaning, no third party or federated auth was being used.
I raised this as a finding in the report, mentioning that, "hey, although this isn't directly your issue, there are plenty of examples of your customers using your app like this, so...perhaps consider adding MFA to the local authentication provider, to add that layer of protection to the app? Lest one of your customers expose themselves in the same way that so many apparently have done so."
At report review time, the dev team was furious about this finding - "why would you put this finding in our pentest report? It's not our issue whatsoever!"
So I calmly explained to them, "you're correct, not your direct issue, but you're the folks in the best position to fix it, right? The customers can't add MFA to your code, and clearly there's a reason your customers keep putting these things on the Internet? Have you asked them about it?"
They still weren't convinced at all.
Now, I've been doing this for a while, so I'm used to pushback from dev teams on certain things occasionally, but you know, this one seemed like a no-brainer, really.
I asked, who's gonna get the blame when these things get compromised by cred stuffing?
Whose IP is out there for other malicious actors to find and play with?
But still, they weren't having it.
There's no real magical ending to this one unfortunately. The software sits out there to this day, no MFA to be seen. But this one is a perfect example of why we often find ourselves in the situations we do in this industry.
An unwillingness to just do the right thing, simply because doing that thing doesn't exactly fall within your direct purview.
Even if, in this example, you didn't want to do MFA - just take the finding, and go ask your customers to take their instances off the internet. Be proactive. It would give your account execs a reason to talk to customers - they'd love it.
It's not always this way, but when it is, you can very easily understand the chain of decisions that lead to a number of the major breaches we see on a daily basis. Don't be like these devs, think outside of the box. Or LAN, I suppose.
Want to read more, slightly less mini, stories like this? https://infosecdiaries.com
Burp Suite is all of a sudden leaving a dozen temp files out every time I close. Sometimes there were one or two when I opened it in the morning; these days it's more like 12 or 14 every time.
Anyone else seeing that?
I watched a video recently; the guy said he had "plenty of IP addresses available". For running tests, running bots. And I'm wondering how that works? How much does it cost? Who provides him that service?
Team #Hashcat is pleased to present our much anticipated write-up for this year's #CrackMeIfYouCan contest at #Defcon32
There is something so satisfying in kicking off an entire RFC1918 scan.
Doing a single port at a brisk but safe (for my environment) pace.
~/# nmap -Pn -n -p <single port number> -T4 --open 10.0.0.0/8
~/# nmap -Pn -n -p <single port number> -T4 --open 172.16.0.0/12
~/# nmap -Pn -n -p <single port number> -T4 --open 192.168.0.0/16
(command broken out for dramatic effect - also note that I break out each of those CIDRs into /24's so that if anything breaks, I can pick up easier where the last known good ended. It's scripted and I prefer it this way.)
I am not doing a ping sweep or a DNS resolution. I'm assuming all hosts are up. And I'm looking for every host with a single port open. So even if they don't respond to pings (or something is preventing pings), I should get an answer back.
Note, I could certainly do faster (T5 or masscan, gawd) - but this is about as fast as I'm going to do in my environment and still be safe.
Also, only looking for open ports right now - no fingerprinting yet.
A cool thing about this approach is many intrusion detection still will only look for multiple ports on a single host to trigger an alert. Some still ignore many hosts / single port scans (to their detriment).
We've long since purple-teamed this, so I sent a notification to SOC letting them know my actions and asking them nicely (I bribed them last week) to not stop me, lol.
Should take a couple weeks to a month at this pace and in my environment to hit every single one of the just shy of 18,000,000 hosts.
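The detection gap the post above describes (alerting only on many ports against one host, so a single port swept across many hosts goes unnoticed) is closed by also counting distinct targets per source and port. The following is an added example, not code from the post's author; the firewall log format, the addresses and the thresholds are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not from any real environment).
# 10.0.9.9 probes one port across many hosts (horizontal sweep),
# 10.0.3.3 probes many ports on one host (vertical scan),
# 10.0.4.4 is ordinary traffic.
SAMPLE_LOGS = [
    "2024-06-01T09:00:01 src=10.0.9.9 dst=10.0.1.1 dport=445 action=allow",
    "2024-06-01T09:00:01 src=10.0.9.9 dst=10.0.1.2 dport=445 action=allow",
    "2024-06-01T09:00:02 src=10.0.9.9 dst=10.0.1.3 dport=445 action=deny",
    "2024-06-01T09:00:02 src=10.0.9.9 dst=10.0.1.4 dport=445 action=deny",
    "2024-06-01T09:00:03 src=10.0.9.9 dst=10.0.1.5 dport=445 action=allow",
    "2024-06-01T09:00:03 src=10.0.9.9 dst=10.0.1.6 dport=445 action=allow",
    "2024-06-01T09:00:05 src=10.0.3.3 dst=10.0.2.2 dport=22 action=deny",
    "2024-06-01T09:00:05 src=10.0.3.3 dst=10.0.2.2 dport=80 action=deny",
    "2024-06-01T09:00:05 src=10.0.3.3 dst=10.0.2.2 dport=443 action=deny",
    "2024-06-01T09:00:05 src=10.0.3.3 dst=10.0.2.2 dport=3389 action=deny",
    "2024-06-01T09:00:05 src=10.0.3.3 dst=10.0.2.2 dport=8080 action=deny",
    "2024-06-01T09:00:09 src=10.0.4.4 dst=10.0.2.2 dport=443 action=allow",
]

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")

def detect_scans(lines, host_threshold=5, port_threshold=5):
    """Return {'horizontal': [...], 'vertical': [...]} findings.

    horizontal: one source, one port, >= host_threshold distinct targets
                (the single-port sweep a per-host port-count rule misses)
    vertical:   one source, one target, >= port_threshold distinct ports
    """
    by_src_port = defaultdict(set)  # (src, port) -> set of dst hosts
    by_src_dst = defaultdict(set)   # (src, dst)  -> set of ports
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that do not match the expected format
        src, dst, port = m.group(1), m.group(2), int(m.group(3))
        by_src_port[(src, port)].add(dst)
        by_src_dst[(src, dst)].add(port)
    horizontal = sorted((src, port, len(dsts)) for (src, port), dsts
                        in by_src_port.items() if len(dsts) >= host_threshold)
    vertical = sorted((src, dst, len(ports)) for (src, dst), ports
                      in by_src_dst.items() if len(ports) >= port_threshold)
    return {"horizontal": horizontal, "vertical": vertical}

if __name__ == "__main__":
    for kind, hits in detect_scans(SAMPLE_LOGS).items():
        for hit in hits:
            print(kind, hit)
```

In production the counts would be kept per time window and the thresholds tuned to the environment's normal fan-out (monitoring and backup hosts legitimately touch one port on many machines).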
Ok. I think I've given them enough of a rest...
The greater security team asked me to chill for a bit because they were overloaded with findings. That makes perfect sense. I gave them enough to chew on and I try to rotate findings that various teams can work on.
This one specific team remediated a lot of my findings. It took a long time and they worked very hard and worked with multiple multiple multiple ops teams to get it done.
And I gave them ample time to rest afterwards. I announced their success to the CISO and gave them major kudos.
But I'm about to be that guy who rewards good work with more work.
I'm going to do the dreaded "Full Security Audit".
I think I'll stretch before I send off these initial enumeration scans. I've got my custom scripts ready. I might step out to buy an energy drink.
Eris damned, even the anticipation has my dopamine and adrenaline flowing.
Over the course of the next few weeks, #hackers virtually around the world will be reaching the next lvl sk177z at
@ringzer0!
Find out how at the #DCG201 #HackerSummerCamp 2024 Guide for #ringzer0 #DOUBLEDOEN24: https://defcon201.medium.com/hacker-summer-camp-2024-guides-part-eight-doubledown24-by-ringzer0-3b36a9241553