@y0no@mastodon.tedomum.net
RT @noraj_rawsec@twitter.com
The Invisible JavaScript Backdoor
https://certitude.consulting/blog/en/invisible-backdoor/
🐦🔗: https://twitter.com/noraj_rawsec/status/1463603200737652739
RT @gael_duval@twitter.com
🔥Many open positions at ECORP... 🧑🏻🤝🧑🏻🧑🏻🤝🧑🏻🧑🏻🤝🧑🏻
Want to build the most avdanced, degoogled, pro-privacy mobile ecosystem? 📱🖥️ Join us!
#mydataisMYdata #hiring #techjobs #android #phpjobs #wordpressdeveloper #remotejobs #remotework
#privacy #opensource
🐦🔗: https://twitter.com/gael_duval/status/1460200201084362755
Honteux. L'objectif d'une redteam sera toujours de protèger pas juste de pwn...
RT @campuscodi@twitter.com
Randori discovered and used a Palo Alto Networks GlobalProtect VPN zero-day (CVE-2021-3064) as part of its red team engagements for a year before disclosing the issue to the vendor
https://www.randori.com/blog/cve-2021-3064/
🐦🔗: https://twitter.com/campuscodi/status/1458668057040097283
RT @Synacktiv@twitter.com
Check our new internship position! Let's hunt backdoors, tools or configurations that could maintain the (silent) presence of an attacker in a system. Good knowledge required in Windows and ready-to-learn in computer forensics.
🇫🇷 https://www.synacktiv.com/recherche-sur-les-moyens-de-persistance.html
🐦🔗: https://twitter.com/Synacktiv/status/1458492485383163909
RT @hkashfi@twitter.com
Turns out CVE-2021-22205 has been actually a pre-auth RCE, unlike what original advisory stated. https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
RT @expliot_io@twitter.com
Halloween 🎃 Giveaway Alert 📢
The trick: Download our eBook (https://bit.ly/3lGxc0p), hit the follow button, like & reshare this post.
1 lucky winner gets a chance to win EXPLIoT Nano
The winner will be announced on 31st October 2021 📅
#iotexperts
🐦🔗: https://twitter.com/expliot_io/status/1448879996685139971
RT @cnotin@twitter.com
🇫🇷 ANSSI does not recommend anymore to enforce password expiry, except for privileged accounts.
Of course renewal must be triggered if a leak is suspected.
Big change with the end of this old rule. France finally in line with other international recommendations. https://twitter.com/ANSSI_FR/status/1446414418166812672
RT @binitamshah@twitter.com
Unauthenticated Remote Code Execution (RCE) vulnerability in Hikvision IP cameras/NVR firmware ,Patch now (*CVE-2021-36260) : https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html credits @Watchful_IP@twitter.com
🐦🔗: https://twitter.com/binitamshah/status/1441686358104285187
RT @ClusirNormandie@twitter.com
[🛡️ #Adhérent] Bienvenue à @ACEService2@twitter.com qui rejoint le #CLUSIR #Normandie.
ACE Service accompagne ses clients depuis plus de 10 ans sur leurs problématiques de cybersécurité en fournissant des services autour de : l'audit, l'intégration, la mise en œuvre et l'hébergement.
🐦🔗: https://twitter.com/ClusirNormandie/status/1440212983720800260
RT @wassiniazirar@twitter.com
🔴 #Cybersecurite : l'AP-HP annonce avoir porté plainte auprès du Procureur de la République de Paris après avoir constaté le vol de fichiers contenant des données nominatives, à la suite d’une attaque informatique conduite au cours de l’été et confirmée le 12 septembre dernier.
🐦🔗: https://twitter.com/wassiniazirar/status/1438208377436442628
RT @cyb3rops@twitter.com
Sigma rule to detect CVE-2021-40444 exploitation activity
- Office program with control.exe child seems to be stable enough (1 exception)
- also works for the RTF vector https://twitter.com/WLesicki/status/1435691458980352012
- control.exe + .cpl isn't good enough
Une vulnérabilité critique du composant MSHTML de Microsoft a été détectée et peut mener à une exécution de code. Pour le moment pas de patch officiel mais des contournements sont possibles notamment via la désactivation d'ActiveX. #infosec
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
RT @securestep9@twitter.com
#OWASP Top 10 2021 DRAFT is out!!!
Now available for peer review, comment, translation, and suggestions for improvements:
🐦🔗: https://twitter.com/securestep9/status/1435698276045672457
RT @j0nh4t@twitter.com
Need local admin and have physical access?
- Plug a Razer mouse (or the dongle)
- Windows Update will download and execute RazerInstaller as SYSTEM
- Abuse elevated Explorer to open Powershell with Shift+Right click
Tried contacting @Razer@twitter.com, but no answers. So here's a freebie
RT @ldionmarcil@twitter.com
idk why I havent thought of this before, but its very easy to hide those "external sender" warnings that get appended to your emails during phishing campaigns 🤔. Email gateways/FW just add HTML at the start/end of emails, simply add CSS to hide it! #RedTeam
See images:
🐦🔗: https://twitter.com/ldionmarcil/status/1384987686113583107
RT @binitamshah@twitter.com
tmpmail : A temporary email right from your terminal written in POSIX sh : https://github.com/sdushantha/tmpmail credits @sidheart@twitter.com
🐦🔗: https://twitter.com/binitamshah/status/1425409268774146051
Je ne pensais pas avoir besoin d'un MiSTer jusqu'à ce que je vois ces beautés 😍
RT @MisterAddons@twitter.com
Time for my (belated) 5K follower giveaway! Winner gets their choice of #MiSTerFPGA kit (color, and IO board)! To enter: follow, like, and quote retweet adding something interesting. Winner will be chosen on 8/15/21 at whatever time I feel like. Tweet me if I forget, haha.
🐦🔗: https://twitter.com/MisterAddons/status/1421718757936799750
RT @BlueTeamJK@twitter.com
Infosec Memes FTW
🐦🔗: https://twitter.com/BlueTeamJK/status/1420012708083208201
RT @yeswehack@twitter.com
🥁 We're thrilled to announce that we've raised €16M in our Series B funding! So today, we want to thank you, hunters, for making up our community. We wouldn’t be here without you! #HackThePlanet #YesWeRHackers
Full announcement: https://bit.ly/3hVXBWp
🐦🔗: https://twitter.com/yeswehack/status/1418114447428792321
