#readteam

Neil Craig<p>Of course, there are other ways to configure sensitive values but I don't think it's necessarily obvious or front of mind when updating config and I honestly can't see (as someone who configures multiple services on Akamai regularly) why this feature is needed.<br>Unsure if it can be disabled or auth'd but I don't see any way to do that.<br>There are some docs which cover it a little bit: <a href="https://techdocs.akamai.com/download-delivery/docs/test-your-dd-property#4-install-an-extension" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">techdocs.akamai.com/download-d</span><span class="invisible">elivery/docs/test-your-dd-property#4-install-an-extension</span></a>. <br>Just thought it might not be common knowledge.<br>2/2<br><a href="https://mastodon.social/tags/Akamai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Akamai</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/ReadTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ReadTeam</span></a> <a href="https://mastodon.social/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeam</span></a></p>
Neil Craig<p>Akamai has what I personally think is a seriously risky mechanism for debugging HTTP requests/responses. You can send an HTTP request header of `pragma: akamai-x-get-extracted-values` for a URL served via Akamai &amp; it'll return `x-akamai-session-info` response headers which include user-defined config variables - that's where the main risk is IMO. People may well not realise this feature exists &amp; use the vars for sensitive info e.g. backend auth keys.<br>1/2<br><a href="https://mastodon.social/tags/Akamai" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Akamai</span></a> <a href="https://mastodon.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mastodon.social/tags/ReadTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ReadTeam</span></a> <a href="https://mastodon.social/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BlueTeam</span></a></p>
Wulfy<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@coleens_" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>coleens_</span></a></span> </p><p>The only <a href="https://infosec.exchange/tags/readteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>readteam</span></a> skill you need (in front of a client) is;<br><a href="https://hackertyper.net/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">hackertyper.net/</span><span class="invisible"></span></a></p>
Alonso Caballero / ReYDeS We are starting the second session of the OSINT - Open Source Intelligence 2024 Course. #cybersecurity #hacking #readteam #bugbounty #forensics #osint More information: https://www.reydes.com/d/?q=Curso_de_OSINT
Alonso Caballero / ReYDeS<p>The video of the free webinar "Nikto para Pentesting" is available. <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/readteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>readteam</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>forensics</span></a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>osint</span></a> ⏳ <a href="https://www.reydes.com/d/?q=videos_2019#wgnippt" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reydes.com/d/?q=videos_2019#wg</span><span class="invisible">nippt</span></a> 💻 <a href="https://www.youtube.com/watch?v=WwLI_QtoYu0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=WwLI_QtoYu</span><span class="invisible">0</span></a></p>
Alonso Caballero / ReYDeS<p>The OSINT - Open Source Intelligence Course is available on video. It includes, for FREE, my two books "Fundamentos de Hacking Ético" and "Fundamentos de Hacking Web". <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/readteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>readteam</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>forensics</span></a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>osint</span></a> More information at: <a href="https://www.reydes.com/d/?q=Curso_de_OSINT" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">reydes.com/d/?q=Curso_de_OSINT</span><span class="invisible"></span></a></p>
Alonso Caballero / ReYDeS<p>Webshells in Kali Linux - <a href="https://www.reydes.com/d/?q=Webshells_en_Kali_Linux" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reydes.com/d/?q=Webshells_en_K</span><span class="invisible">ali_Linux</span></a> 📌 <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/readteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>readteam</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>forensics</span></a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>osint</span></a></p>
Alonso Caballero / ReYDeS<p>My book on "Fundamentos de Hacking Web" is available. <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/readteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>readteam</span></a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bugbounty</span></a> <a href="https://infosec.exchange/tags/forensics" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>forensics</span></a> <a href="https://infosec.exchange/tags/osint" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>osint</span></a> More information at: <a href="https://www.reydes.com/d/?q=Libro_Fundamentos_Hacking_Web" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">reydes.com/d/?q=Libro_Fundamen</span><span class="invisible">tos_Hacking_Web</span></a></p>