snabelen.no is one of many independent Mastodon servers you can use to take part in the decentralised social web.
A Norwegian home for the decentralised microblogging platform.


#pentesting

4 posts · 4 participants · 0 posts today

Most Android apps don’t expose much through services. But system apps? That’s where things get interesting...

This blog post by David Lodge explains how Android services work and looks into the security risks of AIDL (Android Interface Definition Language) services.

They’re often used by OEMs to expose system-level functionality, sometimes without proper permission checks. That makes them a worthwhile attack surface if you’re testing vendor builds or reviewing apps with elevated privileges.

📌Learn more here: pentestpartners.com/security-b

A benefit to having a business major who is trained in application development do your vulnerability assessment is that we tend to take things like marketing and vision into account when doing the test. Sometimes, perceptions are an extremely important part of results, and how an attacker will approach a site is driven by those perceptions.

If you are not a business major, quick tip: Spend 30 minutes doing deep searches on the company name, the owner's names, the type of business they're in, and any unique phrases so that you get an idea of what people are saying. Use a tool. Get a subscription to the Wall Street Journal or FT. Dig through their databases. Hit the Wayback Machine.

Look on TOR! Set up a couple of accounts on some of the forums on there (obviously don't connect them to your real identity). Do searches before a test - just see what people are saying. Sometimes it's a big deal.

New Open-Source Tool Spotlight 🚨🚨🚨

NetExec (formerly CrackMapExec) is a Python-based tool for network enumeration and exploitation, tailored to Active Directory environments. Fully open-source, it's designed for red teams and pentesters tackling complex security contexts. #pentesting #infosec

🔗 Project link on #GitHub 👉 github.com/Pennyw0rth/NetExec

#Infosec #Cybersecurity #Software #Technology #News #CTF #Cybersecuritycareer #hacking #redteam #blueteam #purpleteam #tips #opensource #cloudsecurity

✨
🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.

748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.

Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network

Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.

Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.

Need help testing your network for exploitable print devices? Contact us and our pentest team can help!

Read the Dark Reading article for more details on the Brother Printers vulnerability: darkreading.com/endpoint-secur

We turned a car into a Mario Kart controller! 🏎️🎮
 
At PTP Cyber Fest, attendees used the steering wheel, pedals, and brakes of a real Renault Clio to play SuperTuxKart.
 
We tapped into the CAN bus with cheap wire splicers.
 
Mapped the signals using Python.
 
We even wrote our own state machine to make it all work.
 
Sure, it was a bit impractical. We had to remove the wing mirrors to fit it inside the building, deal with dodgy electrics, and babysit the car battery.
 
Next year, we might try something a bit more portable.
 
📌Read how we did it here: pentestpartners.com/security-b
 
#CyberSecurity #AutomotiveSecurity #CANbus #HackThePlanet #PenTesting #Python #Infosec #PTPCyberFest2025