NRW.social

524 Beiträge212 Beteiligte90 Beiträge heute

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Active Directory Certificate Services (AD CS) can be a goldmine if misconfigured. Tools like Certipy simplify enumeration and abuse, leveraging techniques like Shadow Credentials, Golden Certificates, and domain escalation paths (ESC1-ESC11). <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RedTeam</a> Certipy's `shadow` command exemplifies ADCS weaknesses. By manipulating `msDS-KeyCredentialLink`, you can take over accounts via PKINIT. It's seamless but devastating for privilege escalation. <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/ActiveDirectory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ActiveDirectory</a> Golden Certificates mimic Golden Tickets but target ADCS. Using a compromised CA private key, an attacker can forge certs for domain controllers or users. Certipy automates this process—caution with CA backups. <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/PKI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PKI</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/ly4k/Certipy" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/ly4k/Certipy</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Shodan SafariASN: AS44034 Location: Lund, SE Added: 2025-04-02T00:24<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Hackread.com🚨 The CVE program narrowly avoided shutdown as <a href="https://mstdn.social/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> stepped in to extend MITRE’s contract.Read: <a href="https://hackread.com/cve-program-online-cisa-temporary-mitre-extension/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://hackread.com/cve-program-online-cisa-temporary-mitre-extension/</a><a href="https://mstdn.social/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://mstdn.social/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://mstdn.social/tags/MITRE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MITRE</a>

Shodan SafariASN: AS4385 Location: Rochester, US Added: 2025-04-04T01:08<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

AAKLWarning. A lot of people would say "I have nothing to hide," but that makes it your RISK to take.Computerworld: Anthropic’s Claude AI can now search through your Gmail account for ‘Research’ <a href="https://www.computerworld.com/article/3963652/anthropics-claude-ai-can-now-search-through-your-gmail-account-for-research.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.computerworld.com/article/3963652/anthropics-claude-ai-can-now-search-through-your-gmail-account-for-research.html</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a>

ApplSec📣 EMERGENCY UPDATES 📣Apple pushed updates for 2 new zero-days that may have been actively exploited.🐛 CVE-2025-31200 (CoreAudio), 🐛 CVE-2025-31201 (RPAC): - iOS and iPadOS 18.4.1 - macOS Sequoia 15.4.1 - tvOS 18.4.1 - visionOS 2.4.1<a href="https://infosec.exchange/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apple</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/ios" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ios</a>

ApplSec🐛 NEW SECURITY CONTENT 🐛🥽 visionOS 2.4.1 - 2 bugs fixed <a href="https://support.apple.com/en-us/122402" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://support.apple.com/en-us/122402</a> 📺 tvOS 18.4.1 - 2 bugs fixed <a href="https://support.apple.com/en-us/122401" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://support.apple.com/en-us/122401</a> 💻 macOS Sequoia 15.4.1 - 2 bugs fixed <a href="https://support.apple.com/en-us/122400" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://support.apple.com/en-us/122400</a> 📱 iOS and iPadOS 18.4.1 - 2 bugs fixed <a href="https://support.apple.com/en-us/122282" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://support.apple.com/en-us/122282</a><a href="https://infosec.exchange/tags/apple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apple</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://infosec.exchange/tags/ios" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ios</a>

David J. AtkinsonThank you to @Nonikex. This thread is the most detailed and alarming account of <a href="https://c.im/tags/covert" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#covert</a> <a href="https://c.im/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> breaches perpetrated by <a href="https://c.im/tags/DOGE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DOGE</a> “engineers” (<a href="https://c.im/tags/hackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hackers</a>) that I have read. We are very fortunate that a brave internal <a href="https://c.im/tags/Whistleblower" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Whistleblower</a> at <a href="https://c.im/tags/NLRB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NLRB</a> made the report public even after he received personal threats. It reminds me of the movie “Enemy of the Stats” (1998) starring Will Smith. In both that fictional case and the current DOGE <a href="https://c.im/tags/intelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intelligence</a> <a href="https://c.im/tags/threat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threat</a>, the technological power of nation states is used, under <a href="https://c.im/tags/ColorOfLaw" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ColorOfLaw</a>, to coverup criminal behavior. There are also alarming indications of <a href="https://c.im/tags/Russia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Russia</a> participating in stealing or receiving data that was covertly exfiltrated from the agency. We are watching the greatest <a href="https://c.im/tags/intelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#intelligence</a> operation against the US as it is happening. <a href="https://masto.ai/@Nonilex/114342396149660044" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://masto.ai/@Nonilex/114342396149660044</a>

Daniel Schildt11 months of lifeline for CVE at MITRE, but nothing is known about what happens after that. Likely it would require a lot more than $57 million USD yearly to run CVE privately (outside of the access to skilled professionals at the public sector organisations).<a href="https://therecord.media/cisa-extends-cve-program-contract-with-mitre" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://therecord.media/cisa-extends-cve-program-contract-with-mitre</a><a href="https://mementomori.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://mementomori.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mementomori.social/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a>

Matthias SchulzeStuxnet revisited: From cyber warfare to secret statecraft <a href="https://www.tandfonline.com/doi/full/10.1080/01402390.2025.2481447?ai=1g8&mi=3w5k4y&af=R" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.tandfonline.com/doi/full/10.1080/01402390.2025.2481447?ai=1g8&mi=3w5k4y&af=R</a> <a href="https://ioc.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://ioc.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Shodan SafariASN: AS201105 Location: Córdoba, ES Added: 2025-04-08T01:38<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

TechnoTenshi :verified_trans: :Fire_Lesbian:MITRE’s CVE program faced abrupt shutdown after DHS contract expired, but CISA stepped in with an 11-month extension to maintain continuity in vulnerability tracking. <a href="https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerabilities</a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a>

InkicanMost kids have no idea what the history of hacking really is. Let’s spend a few moments talking briefly about that history <a href="https://inkican.com/mesh-and-the-history-of-hacking-part-one-hacking-cyberpunk-infosec/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://inkican.com/mesh-and-the-history-of-hacking-part-one-hacking-cyberpunk-infosec/</a> <a href="https://mastodon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://mastodon.social/tags/hacker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacker</a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.social/tags/hackers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hackers</a> <a href="https://mastodon.social/tags/hack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hack</a> <a href="https://mastodon.social/tags/ethicalhacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ethicalhacking</a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#linux</a> <a href="https://mastodon.social/tags/hacked" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacked</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://mastodon.social/tags/technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#technology</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

⠠⠵ avuko<a href="https://euvd.enisa.europa.eu/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://euvd.enisa.europa.eu/</a>In light of the current MITRE/CISA clown show, here is the European Vulnerabilities database. Because I’ll take “in beta” over “in the US” any day of the week.<a href="https://infosec.exchange/tags/MITRE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MITRE</a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> <a href="https://infosec.exchange/tags/CVE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVE</a> <a href="https://infosec.exchange/tags/CVD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CVD</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

LeeRaylFriends of <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> that are <a href="https://infosec.exchange/tags/threathunters" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#threathunters</a> may be interested in this role!IonQ is hiring. There is more than one InfoSec role but this is the newest.I have been working with them for over a year and they do cool stuff. I also know the CISO if you are legit and need an intro.Don’t bother if you don’t exceed the minimum requirements, they check and verify.<a href="https://ionq.com/careers/5498795004" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ionq.com/careers/5498795004</a> If any other roles look good I can check on them as well.

Shodan SafariASN: AS16276 Location: Calais, FR Added: 2025-04-08T02:06<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

PiaOn seeing this post, I immediately thought about China's use of talking drones when Covid had hit. Sure enough, DJI is based in Shenzhen, China. Are we going to permit Chinese technology to police us? 👀 <a class="hashtag" href="https://bsky.app/search?q=%23espionage" rel="nofollow noopener noreferrer" target="_blank">#espionage</a> <a class="hashtag" href="https://bsky.app/search?q=%23spyware" rel="nofollow noopener noreferrer" target="_blank">#spyware</a> <a class="hashtag" href="https://bsky.app/search?q=%23cyber" rel="nofollow noopener noreferrer" target="_blank">#cyber</a> <a class="hashtag" href="https://bsky.app/search?q=%23tech" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a class="hashtag" href="https://bsky.app/search?q=%23data" rel="nofollow noopener noreferrer" target="_blank">#data</a> <a class="hashtag" href="https://bsky.app/search?q=%23infosec" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a class="hashtag" href="https://bsky.app/search?q=%23natsec" rel="nofollow noopener noreferrer" target="_blank">#natsec</a> RE: <a href="https://bsky.app/profile/did:plc:7exlcsle4mjfhu3wnhcgizz6/post/3lmwwh2txzz2w" rel="nofollow noopener noreferrer" target="_blank">https://bsky.app/profile/did:plc:7exlcsle4mjfhu3wnhcgizz6/post/3lmwwh2txzz2w</a>

AAKLCVE Foundation Launched to Secure the Future of the CVE Program <a href="https://www.thecvefoundation.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.thecvefoundation.org/</a> <a href="https://infosec.exchange/tags/Mitre" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Mitre</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@GossiTheDog</a>

Simple NomadThe whole CVE fiasco might seem resolved, but it’s not. It is simply postponed. Oh sure, we’ve applied a tourniquet, but we probably should look into reattaching that amputated leg. Or finding someone (or someones) that is less prone to repeating leg amputation. <a href="https://rigor-mortis.nmrc.org/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve</a> <a href="https://rigor-mortis.nmrc.org/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Shodan SafariASN: AS50673 Location: Lelystad, NL Added: 2025-04-14T23:28<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#infosec