Lingolol

DEF CON🚨 Swag alert! 🚨 Final preparations are underway for <a href="https://defcon.social/tags/DEFCONTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#DEFCONTraining</a> Las Vegas 2025! Take a look below for a sneak preview of this year’s training swag, provided exclusively to students and instructors.It’s not too late to sign up. Browse the course offerings and secure your spot today: <a href="https://training.defcon.org/collections/def-con-training-las-vegas-2025" rel="nofollow noopener" translate="no" target="_blank">https://training.defcon.org/collections/def-con-training-las-vegas-2025</a> <a href="https://defcon.social/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#defcon</a> <a href="https://defcon.social/tags/defcon33" class="mention hashtag" rel="nofollow noopener" target="_blank">#defcon33</a> <a href="https://defcon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://defcon.social/tags/cybertraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybertraining</a> <a href="https://defcon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://defcon.social/tags/offensivecyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#offensivecyber</a> <a href="https://defcon.social/tags/cyberdefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberdefense</a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://defcon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a>

Parrot SecurityParrotOS 6.4 is out now! 🔔This release sets the stage for Parrot 7 with upgraded tools, security fixes, and system improvements 🐦💻Upgrade via sudo parrot-upgrade or grab a fresh install from the official site 💡Click the link down below and read more on the changelog 🔗<a href="https://parrotsec.org/blog/2025-07-07-parrot-6.4-release-notes" rel="nofollow noopener" translate="no" target="_blank">https://parrotsec.org/blog/2025-07-07-parrot-6.4-release-notes</a><a href="https://mastodon.social/tags/ParrotSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ParrotSec</a> <a href="https://mastodon.social/tags/ParrotOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ParrotOS</a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://mastodon.social/tags/CybersecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#CybersecurityNews</a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hacking</a> <a href="https://mastodon.social/tags/PenTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTest</a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#linux</a> <a href="https://mastodon.social/tags/linuxdistro" class="mention hashtag" rel="nofollow noopener" target="_blank">#linuxdistro</a>

LMG SecurityHundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.Attackers can: • Gain unauthenticated admin access • Pivot to full remote code execution • Exfiltrate credentials for LDAP, FTP, and more • Move laterally through your networkBrother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.Need help testing your network for exploitable print devices? Contact us and our pentest team can help!Read the Dark Reading article for more details on the Brother Printers vulnerability: <a href="https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug" rel="nofollow noopener" translate="no" target="_blank">https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug</a><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenetrationTesting</a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentest</a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/PrinterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrinterSecurity</a> <a href="https://infosec.exchange/tags/BrotherPrinters" class="mention hashtag" rel="nofollow noopener" target="_blank">#BrotherPrinters</a> <a href="https://infosec.exchange/tags/CVE202451978" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202451978</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMB</a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISO</a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberaware</a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#DFIR</a> <a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITSecurity</a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZeroTrust</a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#PatchNow</a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentest</a>

OrangeConWatch Brenno De Winter’s talk from OrangeCon 2024 on making penetration tests auditable again. Watch here: <a href="https://www.youtube.com/watch?v=Rv0otVFKrkk" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=Rv0otVFKrkk</a> <a href="https://infosec.exchange/tags/OrangeCon2024" class="mention hashtag" rel="nofollow noopener" target="_blank">#OrangeCon2024</a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a>

🧿🪬🍄🌈🎮💻🚲🥓🎃💀🏴🛻🇺🇸Someone should make a circuit board that fits in an original <a href="https://mastodon.social/tags/tamagotchi" class="mention hashtag" rel="nofollow noopener" target="_blank">#tamagotchi</a> shell and upgrades the screen and CPU so that it can do a lot of extra stuff; <a href="https://mastodon.social/tags/gps" class="mention hashtag" rel="nofollow noopener" target="_blank">#gps</a> location tracking, <a href="https://mastodon.social/tags/meshtastic" class="mention hashtag" rel="nofollow noopener" target="_blank">#meshtastic</a> node, <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> and <a href="https://mastodon.social/tags/radio" class="mention hashtag" rel="nofollow noopener" target="_blank">#radio</a> <a href="https://mastodon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> like a <a href="https://mastodon.social/tags/flipperZero" class="mention hashtag" rel="nofollow noopener" target="_blank">#flipperZero</a>, etc. Maybe some <a href="https://mastodon.social/tags/arm" class="mention hashtag" rel="nofollow noopener" target="_blank">#arm</a> <a href="https://mastodon.social/tags/soc" class="mention hashtag" rel="nofollow noopener" target="_blank">#soc</a> like a <a href="https://mastodon.social/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#RaspberryPi</a>, or <a href="https://mastodon.social/tags/Rocknix" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rocknix</a>, or maybe just a little <a href="https://mastodon.social/tags/ESP32" class="mention hashtag" rel="nofollow noopener" target="_blank">#ESP32</a>. Maybe just cram a <a href="https://mastodon.social/tags/Pebble" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pebble</a> watch in there or something.<a href="https://mastodon.social/tags/hardware" class="mention hashtag" rel="nofollow noopener" target="_blank">#hardware</a> <a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a> <a href="https://mastodon.social/tags/virtualPet" class="mention hashtag" rel="nofollow noopener" target="_blank">#virtualPet</a>

Biohacking VillageDEF CON Training 2025 📅 August 9–12, 2025 | 4-Day TrainingJoin Michael Aguilar <a href="https://mastodon.social/tags/v3ga" class="mention hashtag" rel="nofollow noopener" target="_blank">#v3ga</a> and Alex Delifer <a href="https://mastodon.social/tags/Cheet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cheet</a> for a hands-on course on Medical Device Penetration Testing at <a href="https://mastodon.social/tags/DEFCON33" class="mention hashtag" rel="nofollow noopener" target="_blank">#DEFCON33</a> <a href="https://defcon.social/@defcon" class="u-url mention" rel="nofollow noopener" target="_blank">@defcon</a> Learn more and sign up: <a href="https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/michael-aguilar-v3ga-alex-delifer-cheet-medical-device-penetration-testing-dctlv2025-4-day-training" rel="nofollow noopener" translate="no" target="_blank">https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/michael-aguilar-v3ga-alex-delifer-cheet-medical-device-penetration-testing-dctlv2025-4-day-training</a><a href="https://mastodon.social/tags/Biohackingvillage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Biohackingvillage</a> <a href="https://mastodon.social/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTesting</a> <a href="https://mastodon.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mastodon.social/tags/hackers" class="mention hashtag" rel="nofollow noopener" target="_blank">#hackers</a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hacking</a> <a href="https://mastodon.social/tags/workshop" class="mention hashtag" rel="nofollow noopener" target="_blank">#workshop</a> <a href="https://mastodon.social/tags/DEFCON" class="mention hashtag" rel="nofollow noopener" target="_blank">#DEFCON</a>

Mike ShewardMy previous intro post was a few years old, so behold, new intro post:Mike. Live in the Seattle area having grown up in the UK as a full blown British. Have a wife (incredible), child (boy), and three dogs (golden retriver/cream retriver/fuck knows).I work in information security, something I have done for about 20 years. By day I run corporate security, enterprise IT and various other bits and pieces for an EV charging startup. I am big into EV's and currently drive one that is not a Tesla. I want an electric motorbike, so if anyone has a spare one please send it.I also have a company of my own, Secure Being (<a href="https://securebeing.com" rel="nofollow noopener" translate="no" target="_blank">https://securebeing.com</a>), which does pen testing and digital forensic work - it's my way of staying super hands on while still doing the management bits on the career path.I have written books about information security things. Five of them. Two are non-fiction textbooks, and three are fiction based on real world <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> things. Check out <a href="https://infosecdiaries.com" rel="nofollow noopener" translate="no" target="_blank">https://infosecdiaries.com</a> and your local bookstore to find them, just search for my name. I have been trying to write more stuff, but always seem to find myself distracted by other things, such as work. linktr.ee/secureowl has some mini stories I've written.I love radio and everything RF. I have lots of antennas and various scanners and radios on my desk. I love intercepting and decoding things, like digital radio protocols.I am a big aviation nerd. I always wanted to be a commercial pilot. I gained my private pilots license in the UK at 17, all self funded by my employment at the local Safeway/Morrisons store. I did the sim test and commercial assessments, but for some reason, at 18, I was unable to find the £100k needed to complete the commercial training, so I did computers. But do not worry, because those computers and love of aviation and radio/RF combined, and I run a project called ACARS Drama. <a href="https://acarsdrama.com" rel="nofollow noopener" translate="no" target="_blank">https://acarsdrama.com</a> has all the details.I play guitar and am a big guitar/audio nerd as well. I record music under the moniker Operation: Anxiety, <a href="https://operationanxiety.com" rel="nofollow noopener" translate="no" target="_blank">https://operationanxiety.com</a> - the music is on all the normal places. Finally, I am a massive fan of motorsport. I believe I have watched every F1 race for the last 30 years, maybe 25. I also follow F2, FE, Indycar and MotoGP closely. I average around 18 hours of Le Mans 24 hour racing watching per year.So there you have it. If you are looking for a thought leader on the topics mentioned above, you've come to the wrong place - because this is where I shitpost, and shitposting is cheap therapy.<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/acars" class="mention hashtag" rel="nofollow noopener" target="_blank">#acars</a> <a href="https://infosec.exchange/tags/vdlm2" class="mention hashtag" rel="nofollow noopener" target="_blank">#vdlm2</a> <a href="https://infosec.exchange/tags/sdr" class="mention hashtag" rel="nofollow noopener" target="_blank">#sdr</a> <a href="https://infosec.exchange/tags/rf" class="mention hashtag" rel="nofollow noopener" target="_blank">#rf</a> <a href="https://infosec.exchange/tags/f1" class="mention hashtag" rel="nofollow noopener" target="_blank">#f1</a> <a href="https://infosec.exchange/tags/seattle" class="mention hashtag" rel="nofollow noopener" target="_blank">#seattle</a> <a href="https://infosec.exchange/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#introduction</a>

Clément Labro🆕 New blog post!"Checking for Symantec Account Connectivity Credentials (ACCs) with PrivescCheck"This blog post is not so much about PrivescCheck in the end, but rather brings additional insight to the original article published by MDSec on the subject.👉 <a href="https://itm4n.github.io/checking-symantec-account-credentials-privesccheck/" rel="nofollow noopener" translate="no" target="_blank">https://itm4n.github.io/checking-symantec-account-credentials-privesccheck/</a><a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/research" class="mention hashtag" rel="nofollow noopener" target="_blank">#research</a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentest</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a>

Julian OliverAn excellent and especially thorough list of bypasses available to just about any bad actor that can reach a shell on a misconfigured UNIX system.<a href="https://gtfobins.github.io/" rel="nofollow noopener" translate="no" target="_blank">https://gtfobins.github.io/</a>(Thanks to one of my students, Susana, for sending this in)<a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a>

Mike ShewardMini Pen Test Diaries Story:During the open source enumeration phase of an external footprint test, I found a virtual machine that bore the name of the client in its NetBIOS response in Shodan.Connecting to the machine over HTTP, I found a web app that was very relevant to the industry of the client - so I knew it was likely related.The strange thing, however, was that Shodan was telling me NetBIOS and SMB were open (that’s how I found the machine in the first place), but I was unable to connect to it over SMB. Port scan showed closed.I needed to figure out why Shodan was telling me one thing, but my reality was different.The machine was hosted in Azure, so I figured I’d try rerunning my port scan from a source IP in my own Azure account, to see if I’d get a different result.Sure enough, SMB was open when scanned from an Azure machine. They’d opened it up to any IP in Azure. No auth. Just an open file share accessible to anyone who was connecting to it from an Azure public source IP.I reported it, and it turned out that the machine was hosted by a vendor on behalf of the client.The vendor was insistent that my description of “public access to SMB share” was wrong, since technically it wasn’t open to the internet - just to Azure.I then pointed out that hey, Azure is a famous example of a “public” cloud for a reason.They fixed it.Lesson: always try from different perspectives - such as from within the same providers IP space, you might find what I found.For more, slightly less mini stories like this ones check out <a href="https://infosecdiaries.com" rel="nofollow noopener" translate="no" target="_blank">https://infosecdiaries.com</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentest</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a>

Mike ShewardIndependent Bookstore Day - happy that all of my books are available on Bookshop.org, which supports local bookstores, thus: <a href="https://bookshop.org/contributors/mike-sheward" rel="nofollow noopener" translate="no" target="_blank">https://bookshop.org/contributors/mike-sheward</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/independentbookstoreday" class="mention hashtag" rel="nofollow noopener" target="_blank">#independentbookstoreday</a>

Marco Ciappelli🎙️✨:verified: :donor:🎙️✨ Here is a new Brand Story! Guest: John Stigerwalt & Gregory Hatcher Episode Title: No Manuals, No Shortcuts: Inside the Offensive Security Mindset at White Knight Labs🚀 Marco Ciappelli and Sean Martin, CISSP are back — and this time, they’re chatting with the founders of White Knight Labsfor their first Brand Story with ITSPmagazine!From learning on the field to building red teams to one of the toughest certification programs — John and Greg aren’t just playing the cybersecurity game. They’re rewriting it.They don’t believe in cookie-cutter pen tests. They simulate real ransomware attacks. They write their own loaders. And they only resell products they’ve personally tested in the wild.🔥 Passion. 🔍 Precision. 🤝 Purpose.🎧 Listen or watch now — and meet the team that’s raising the bar for offensive security: 📺 Video Teaser: <a href="https://youtu.be/VdGyPFhLAvU" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/VdGyPFhLAvU</a> 👉 Full Podcast: <a href="https://brand-stories-podcast.simplecast.com/episodes/no-manuals-no-shortcuts-inside-the-offensive-security-mindset-at-white-knight-labs-a-white-knight-labs-brand-story-with-co-founders-john-stigerwalt-and-greg-hatcher" rel="nofollow noopener" translate="no" target="_blank">https://brand-stories-podcast.simplecast.com/episodes/no-manuals-no-shortcuts-inside-the-offensive-security-mindset-at-white-knight-labs-a-white-knight-labs-brand-story-with-co-founders-john-stigerwalt-and-greg-hatcher</a>📌 Learn more about White Knight Labs on their Brand Page on ITSPmagazine: <a href="https://www.itspmagazine.com/directory/white-knight-labs" rel="nofollow noopener" translate="no" target="_blank">https://www.itspmagazine.com/directory/white-knight-labs</a>🎉 Join us in welcoming White Knight Labs to the ITSPmagazine family! We already have three more conversations scheduled with them — you won’t want to miss what’s coming next.Be sure to follow White Knight Labs and the Brand Stories with Sean and Marco podcast to stay connected with this exciting journey.<a href="https://brand-stories-podcast.simplecast.com/" rel="nofollow noopener" translate="no" target="_blank">https://brand-stories-podcast.simplecast.com/</a><a href="https://infosec.exchange/tags/penetrationtesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#penetrationtesting</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/ransomwaresimulation" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomwaresimulation</a> <a href="https://infosec.exchange/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#offensivesecurity</a> <a href="https://infosec.exchange/tags/edrbypass" class="mention hashtag" rel="nofollow noopener" target="_blank">#edrbypass</a> <a href="https://infosec.exchange/tags/cybersecuritytraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecuritytraining</a> <a href="https://infosec.exchange/tags/whiteknightlabs" class="mention hashtag" rel="nofollow noopener" target="_blank">#whiteknightlabs</a> <a href="https://infosec.exchange/tags/apt" class="mention hashtag" rel="nofollow noopener" target="_blank">#apt</a> <a href="https://infosec.exchange/tags/cybersecurityservices" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurityservices</a> <a href="https://infosec.exchange/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#defcon</a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/securitypartnerships" class="mention hashtag" rel="nofollow noopener" target="_blank">#securitypartnerships</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infosecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosecurity</a>

0x40kSeriously, Broadcom... what's the deal lately? 🤯First up, we've got CVE-2025-22230 hitting VMware Tools for Windows. This nasty bug basically lets standard users inside a VM escalate their privileges to admin level. Yikes! 😬 With a CVSS score of 7.8, you'll want to jump on this fix ASAP. It impacts versions 11.x.x and 12.x.x, so upgrading to 12.5.1 needs to be right at the top of your list!But wait, there's more. CrushFTP is also sounding the alarm about unauthenticated access vulnerabilities lurking on HTTP(S) ports in versions 10 and 11. It's definitely time to double-check those DMZ configurations. Rapid7 has confirmed that exploits are out there, allowing unauthorized access. Pretty intense, right?Stuff like this is a stark reminder: while automated scans have their place, they just don't cut it alone. Real-deal penetration testing is absolutely essential. Those manual checks are what uncover the sneaky issues that automated tools often breeze right past.What's your take on this recent wave? How are you keeping your own environments locked down tight? Let's talk 👇<a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITSecurity</a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/VMware" class="mention hashtag" rel="nofollow noopener" target="_blank">#VMware</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/VulnerabilityManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#VulnerabilityManagement</a>

FlorianWhen I started the IC_Null channel the idea was to cover topics primarily about <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>, <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a>, <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> etc. from a <a href="https://infosec.exchange/tags/blind" class="mention hashtag" rel="nofollow noopener" target="_blank">#blind</a> perspective. Blind as in <a href="https://infosec.exchange/tags/screenReader" class="mention hashtag" rel="nofollow noopener" target="_blank">#screenReader</a> user, that is. But an overarching topic is showing off what jobs are (up to a point) doable for this demographic and where the obstacles are. Today's stream leans that way: we'll be looking at the premier <a href="https://infosec.exchange/tags/translation" class="mention hashtag" rel="nofollow noopener" target="_blank">#translation</a> and <a href="https://infosec.exchange/tags/localization" class="mention hashtag" rel="nofollow noopener" target="_blank">#localization</a> tool, Trados Studio. Supposedly they have upped their <a href="https://infosec.exchange/tags/accessibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#accessibility</a> as of late. I'll be the judge of that 💀 I'll see you all on <a href="https://infosec.exchange/tags/youtube" class="mention hashtag" rel="nofollow noopener" target="_blank">#youtube</a> and <a href="https://infosec.exchange/tags/twitch" class="mention hashtag" rel="nofollow noopener" target="_blank">#twitch</a> just under 1.5 hours from now. https://twitch.tvic_null <a href="https://youtube.com/@blindlyCoding" rel="nofollow noopener" translate="no" target="_blank">https://youtube.com/@blindlyCoding</a> <a href="https://infosec.exchange/tags/selfPromo" class="mention hashtag" rel="nofollow noopener" target="_blank">#selfPromo</a> <a href="https://infosec.exchange/tags/stream" class="mention hashtag" rel="nofollow noopener" target="_blank">#stream</a> <a href="https://infosec.exchange/tags/trados" class="mention hashtag" rel="nofollow noopener" target="_blank">#trados</a>

Marco Ciappelli🎙️✨:verified: :donor:New On Location Coverage with Sean & Marco on ITSPmagazine🚨 Cybersecurity in <a href="https://infosec.exchange/tags/Italy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Italy</a> 🇮🇹 : A Niche Topic No More... 🤔 Not too long ago, if you mentioned <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> in Italy, you’d get a lot of blank stares. Today, it’s everywhere—boardrooms, government agencies, and, of course, <a href="https://infosec.exchange/tags/ITASEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITASEC</a>, Italy’s official cybersecurity conference.This year, <a href="https://infosec.exchange/tags/ITASEC2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITASEC2025</a> took over Bologna, bringing together researchers, policymakers, and industry leaders to discuss what’s next for digital security. AI security, regulatory shifts, <a href="https://infosec.exchange/tags/cybereducation" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybereducation</a> — yes, even the Digital Operational Resilience Act (<a href="https://infosec.exchange/tags/DORA" class="mention hashtag" rel="nofollow noopener" target="_blank">#DORA</a>) that’s reshaping financial sector security—were all on the table.Unfortunately I wasn’t in Italy at the time of the event, but that didn’t stop me from having a fascinating conversation with Professor Alessandro Armando, one of the key organizers and a leading voice in cybersecurity research. In this latest On Location episode. Of course, Sean Martin joined me and we spoke about:🔹 How cybersecurity went from an afterthought to a national priority in Italy🔹 Why companies are (finally) realizing that <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> is an <a href="https://infosec.exchange/tags/investment" class="mention hashtag" rel="nofollow noopener" target="_blank">#investment</a>, not just a cost🔹 The rise of Cyber Challenge IT—Italy’s initiative to build the next generation of cybersecurity experts🔹 And, of course, the big reveal… ITASEC 2026 is heading to Sardinia!📺 Watch the Full Video: <a href="https://youtu.be/NsdkYAYZANc" rel="nofollow noopener" translate="no" target="_blank">https://youtu.be/NsdkYAYZANc</a>🎧 Listen to the Full Podcast: <a href="https://eventcoveragepodcast.com/episodes/cybersecurity-in-italy-itasec-2025-recap-future-outlook-with-professor-alessandro-armando-on-location-coverage-with-sean-martin-and-marco-ciappelli" rel="nofollow noopener" translate="no" target="_blank">https://eventcoveragepodcast.com/episodes/cybersecurity-in-italy-itasec-2025-recap-future-outlook-with-professor-alessandro-armando-on-location-coverage-with-sean-martin-and-marco-ciappelli</a>🔔 Subscribe to On Location Podcast: <a href="https://eventcoveragepodcast.com" rel="nofollow noopener" translate="no" target="_blank">https://eventcoveragepodcast.com</a>Cybersecurity isn’t just about stopping threats—it’s about shaping the future of how we live, work, and trust <a href="https://infosec.exchange/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a>.What’s your take? Are we heading in the right direction, or are we still playing catch-up? <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a>, <a href="https://infosec.exchange/tags/CyberRisk" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberRisk</a>, <a href="https://infosec.exchange/tags/AIsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#AIsecurity</a>, <a href="https://infosec.exchange/tags/CyberThreats" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberThreats</a>, <a href="https://infosec.exchange/tags/CyberEducation" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberEducation</a>, <a href="https://infosec.exchange/tags/CyberWorkforce" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberWorkforce</a>, <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntel</a>, <a href="https://infosec.exchange/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#EthicalHacking</a>, <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTesting</a>, <a href="https://infosec.exchange/tags/RiskManagement" class="mention hashtag" rel="nofollow noopener" target="_blank">#RiskManagement</a>, <a href="https://infosec.exchange/tags/CyberResilience" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberResilience</a>, <a href="https://infosec.exchange/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#DataProtection</a>, <a href="https://infosec.exchange/tags/DigitalSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#DigitalSecurity</a>, <a href="https://infosec.exchange/tags/CyberLaw" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberLaw</a>, <a href="https://infosec.exchange/tags/TechnologyNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechnologyNews</a>, <a href="https://infosec.exchange/tags/OnLocationPodcast" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnLocationPodcast</a>

0x40kAlright, Go developers, listen up! 🚨 Seriously crazy stuff is happening in the Go world right now. We're talking major typosquatting issues. Attackers are slithering in and spreading malware via fake packages, can you believe it?So, for goodness sake, pay super close attention to the names of your modules! One little typo and bam! You've got yourself a nasty infection. As a pentester, I see this kind of thing all the time, sadly. Tiny mistakes, HUGE consequences. This malware then installs a backdoor. Totally not cool, right?Therefore, check your imports, folks! And make sure you're getting your devs trained up on security. Automated scans? Nice to have, sure, but they're absolutely no substitute for a manual pentest! What are your go-to tools for fighting this kind of attack? Oh, and yeah, IT security *has* to be in the budget, that's just the way it is.<a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#golang</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/typosquatting" class="mention hashtag" rel="nofollow noopener" target="_blank">#typosquatting</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a>

Konstantin :C_H:I'm excited to share CVE Crowd's Top 5 Vulnerabilities from February 25!These five stood out among the 352 CVEs actively discussed across the Fediverse.For each CVE, I’ve included a standout post from the community.Enjoy exploring! 👇<a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#BugBounty</a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hacking</a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a> <a href="https://infosec.exchange/tags/CveCrowd" class="mention hashtag" rel="nofollow noopener" target="_blank">#CveCrowd</a>

0x40kHey everyone, what's cooking in the open-source universe? 🤯 I just stumbled upon something that's seriously mind-blowing.So, there's this Python library pretending to be a music tool (automslc), but get this – it's actually illegally downloading songs from Deezer! And the worst part? It turns your computer into an accomplice in a huge music piracy operation. Seriously, a digital pirate cove. 🏴‍☠️And then there's this npm saga with @ton-wallet/create... Crypto wallet emptied, just like that! 💸The moral of the story? Open source rocks, but blindly trusting everything is a recipe for disaster. Always double-check those dependencies! Automated scans are cool, but a real penetration test? That's pure gold. 🥇Clients are always so appreciative when we can spot and fix this kind of stuff beforehand!Now, I'm curious: What are your go-to methods for keeping your codebase squeaky clean and secure? Any tips or tricks you'd like to share?<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#python</a> <a href="https://infosec.exchange/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#javascript</a>

Python Weekly 🐍I made my own RAT, written entirely in python.<a href="https://github.com/lioen-dev/Lo4f-Malware/tree/main" rel="nofollow noopener" translate="no" target="_blank">https://github.com/lioen-dev/Lo4f-Malware/tree/main</a>Discussions: <a href="https://discu.eu/q/https://github.com/lioen-dev/Lo4f-Malware/tree/main" rel="nofollow noopener" translate="no" target="_blank">https://discu.eu/q/https://github.com/lioen-dev/Lo4f-Malware/tree/main</a><a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://mastodon.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://mastodon.social/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#python</a>

Karsten JohanssonTrue Story, bruh:Back in the 90's people would go on about how superior emacs is as an editor. And some cheerleaders would hound me about why I "still" used (and still do today) vi... vim actually. Even for doing things like Usenet news, and the email client. Joe was in a lot of email readers, which is pretty much slobberproof, BUT...My answer was and still is simple. I hack and break things for a living. I've never seen emacs installed on a bridge, router, or frankly any other network device. Hell, when the web came around, emacs was only rarely on those servers, either. But ed and vi is (was?) on pretty much all of them.So that's what I learned. And my personal ecosystem and workflow is all about vi(m) and nothing about emacs.Even though I'm a Lisp cheerleader, lol.Do I hate emacs? No, but I do very much dislike the overpowering smell of religion that seems permeate it's very existence, like those dirty air lines fuming from the Peanuts character Pigpen.Some call me a space cowboy. Some call me a gangsta of <a href="https://infosec.exchange/tags/Lisp" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lisp</a> :ablobdj: <a href="https://infosec.exchange/tags/commonlisp" class="mention hashtag" rel="nofollow noopener" target="_blank">#commonlisp</a> <a href="https://infosec.exchange/tags/vi" class="mention hashtag" rel="nofollow noopener" target="_blank">#vi</a> <a href="https://infosec.exchange/tags/emacs" class="mention hashtag" rel="nofollow noopener" target="_blank">#emacs</a> <a href="https://infosec.exchange/tags/vim" class="mention hashtag" rel="nofollow noopener" target="_blank">#vim</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/editor" class="mention hashtag" rel="nofollow noopener" target="_blank">#editor</a> <a href="https://infosec.exchange/tags/clisp" class="mention hashtag" rel="nofollow noopener" target="_blank">#clisp</a> <a href="https://infosec.exchange/tags/sbcl" class="mention hashtag" rel="nofollow noopener" target="_blank">#sbcl</a>

Recent searches

Search options

Administered by:

Server stats:

#pentesting