#pentesting

DEF CON<p>All signs point to <a href="https://defcon.social/tags/DEFCONTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DEFCONTraining</span></a> Las Vegas 2025…</p><p>Think you have what it takes? If you recognize qrspba, unpxre, or onqtryvsr then follow the trail to Z2VudmF2YXQucXJzcGJhLmJldAo= to learn more. There’s still time to sign up!</p><p><a href="https://defcon.social/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon</span></a> <a href="https://defcon.social/tags/defcon33" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon33</span></a> <a href="https://defcon.social/tags/cybertraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybertraining</span></a> <a href="https://defcon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://defcon.social/tags/cyberdefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberdefense</span></a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://defcon.social/tags/IoT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IoT</span></a> <a href="https://defcon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a> <a href="https://defcon.social/tags/training" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>training</span></a></p>
dan_nanni<p>A reverse shell is a stealthy connection that lets an attacker remotely control a target system by having it initiate the connection, often bypassing firewalls to run commands and exploit weaknesses</p><p>Here is how a reverse shell works 😎👇 <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p><p>Find high-res pdf books with all my <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> related infographics at <a href="https://study-notes.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">study-notes.org</span><span class="invisible"></span></a></p>
mkj<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@aria" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aria</span></a></span> I haven't looked at it in detail but I'm pretty sure you want to check out <a href="https://www.humblebundle.com/books/pentesting-hacking-toolkit-packt-books" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">humblebundle.com/books/pentest</span><span class="invisible">ing-hacking-toolkit-packt-books</span></a></p><p><a href="https://social.mkj.earth/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://social.mkj.earth/tags/EthicalHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EthicalHacking</span></a> <a href="https://social.mkj.earth/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTesting</span></a> <a href="https://social.mkj.earth/tags/BlueTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlueTeam</span></a></p>
DEF CON<p>🚨 Swag alert! 🚨 </p><p>Final preparations are underway for <a href="https://defcon.social/tags/DEFCONTraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DEFCONTraining</span></a> Las Vegas 2025! Take a look below for a sneak preview of this year’s training swag, provided exclusively to students and instructors.</p><p>It’s not too late to sign up. Browse the course offerings and secure your spot today: <a href="https://training.defcon.org/collections/def-con-training-las-vegas-2025" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">training.defcon.org/collection</span><span class="invisible">s/def-con-training-las-vegas-2025</span></a> </p><p><a href="https://defcon.social/tags/defcon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon</span></a> <a href="https://defcon.social/tags/defcon33" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>defcon33</span></a> <a href="https://defcon.social/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://defcon.social/tags/cybertraining" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybertraining</span></a> <a href="https://defcon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://defcon.social/tags/offensivecyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>offensivecyber</span></a> <a href="https://defcon.social/tags/cyberdefense" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberdefense</span></a> <a href="https://defcon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://defcon.social/tags/AI" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>AI</span></a></p>
LMG Security<p>Headed to Black Hat 2025? Let's grab a coffee!</p><p>Several LMG Security team members will be running training classes and attending Black Hat 2025 in Vegas next month, and we’d love to connect. Whether you’re an old friend or want to meet for the first time, let’s grab coffee and talk shop. From AI threats to pen testing, we're always up for a good security conversation.</p><p>Drop us a message to set something up: <a href="https://www.lmgsecurity.com/contact-us/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">lmgsecurity.com/contact-us/</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/BlackHat2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackHat2025</span></a> <a href="https://infosec.exchange/tags/BHUSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BHUSA</span></a> <a href="https://infosec.exchange/tags/BlackHat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BlackHat</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/LMGSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LMGSecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTesting</span></a></p>
dan_nanni<p>Cross-site scripting is a security flaw where attackers inject malicious scripts into trusted websites. When users visit the site, their browsers run the script as if it came from the site itself, letting attackers steal data like cookies or session tokens 😎👇 <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://mastodon.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> </p><p>Find high-res pdf books with all my <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> related infographics at <a href="https://study-notes.org" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">study-notes.org</span><span class="invisible"></span></a></p>
Bill<p>A benefit to having a business major who is trained in application development do your vulnerability assessment is that we tend to take things like marketing and vision into account when doing the test. Sometimes, perceptions are an extremely important part of results, and how an attacker will approach a site is driven by those perceptions. </p><p>If you are not a business major, quick tip: Spend 30 minutes doing deep searches on the company name, the owner's names, the type of business they're in, and any unique phrases so that you get an idea of what people are saying. Use a tool. Get a subscription to the Wall Street Journal or FT. Dig through their databases. Hit the Wayback Machine. </p><p>Look on TOR! Set up a couple of accounts on some of the forums on there (obviously don't connect them to your real identity). Do searches before a test - just see what people are saying. Sometimes it's a big deal.</p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a></p>
LMG Security<p>How do attackers go from file shares to full domain admin access without ever stealing a password? In this real-world case study, we'll share how a single misconfiguration opened the door to a full network compromise, and how our <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> team exploited hidden file shares (with that sneaky $ at the end) to uncover sensitive data most IT teams don’t realize is exposed. </p><p>We'll share:<br>• How attackers exploit hidden file shares<br>• Why misconfigured Windows Deployment Services are a major risk<br>• The exact relay attack path that led to domain dominance<br>• What red flags to look for in your environment</p><p>Watch: <a href="https://youtu.be/78L2Zz2Ttbs" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/78L2Zz2Ttbs</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenetrationTesting</span></a> <a href="https://infosec.exchange/tags/DomainAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DomainAdmin</span></a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://infosec.exchange/tags/LMGSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LMGSecurity</span></a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>RedTeam</span></a> <a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a></p>
SecBurg<p>Humble Tech Book Bundle: The Pentesting &amp; Hacking Toolkit by Packt</p><p><a href="https://secburg.com/posts/humble-tech-book-bundle-pentesting-hacking-toolkit-by-packt/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">secburg.com/posts/humble-tech-</span><span class="invisible">book-bundle-pentesting-hacking-toolkit-by-packt/</span></a></p><p><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/books" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>books</span></a> <a href="https://infosec.exchange/tags/bundle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bundle</span></a></p>
christian mock<p>Oida, who sets their console serial port to 921600 baud? (At least I now know that you can build a logic analyzer with an ESP32 module that can sample cleanly at 10 MHz.) <a href="https://chaos.social/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p>
Parrot Security<p>ParrotOS 6.4 is out now! 🔔</p><p>This release sets the stage for Parrot 7 with upgraded tools, security fixes, and system improvements 🐦💻</p><p>Upgrade via sudo parrot-upgrade or grab a fresh install from the official site 💡</p><p>Click the link down below and read more on the changelog 🔗</p><p><a href="https://parrotsec.org/blog/2025-07-07-parrot-6.4-release-notes" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">parrotsec.org/blog/2025-07-07-</span><span class="invisible">parrot-6.4-release-notes</span></a></p><p><a href="https://mastodon.social/tags/ParrotSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ParrotSec</span></a> <a href="https://mastodon.social/tags/ParrotOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ParrotOS</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/CybersecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CybersecurityNews</span></a> <a href="https://mastodon.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a> <a href="https://mastodon.social/tags/PenTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenTest</span></a> <a href="https://mastodon.social/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/linuxdistro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linuxdistro</span></a></p>
Lenin alevski 🕵️💻<p>New Open-Source Tool Spotlight 🚨🚨🚨</p><p>NetExec (formerly CrackMapExec) is a Python-based tool for network enumeration and exploitation, tailored to Active Directory environments. Fully open-source, it's designed for red teams and pentesters tackling complex security contexts. <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a></p><p>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a> 👉 <a href="https://github.com/Pennyw0rth/NetExec" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/Pennyw0rth/NetExec</span><span class="invisible"></span></a></p><p><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Technology</span></a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>News</span></a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CTF</span></a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecuritycareer</span></a> <a 
href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redteam</span></a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blueteam</span></a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>purpleteam</span></a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tips</span></a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cloudsecurity</span></a></p><p>— ✨<br>🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️</p>
Phillip Wylie<p>After 18 years my @YouTube channel is on the brink of a milestone. This is not a big deal for most, but sharing and helping others has been a big focus for me the past 7 years. Growing my channel helps with that mission. Please subscribe. </p><p><a href="https://youtube.com/@phillipwylie" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtube.com/@phillipwylie</span><span class="invisible"></span></a><br><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/offensivesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>offensivesecurity</span></a></p>
Konstantin :C_H:<p>I recently ran into an interesting discrepancy:</p><p>What you see below are 120-bit Session IDs, one printed as hex and one in the format of a <a href="https://infosec.exchange/tags/UUIDv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UUIDv4</span></a>.</p><p>After validating their randomness, I would classify the first as secure but raise concerns about the second.</p><p>Why?</p><p>Well, according to RFC 4122:</p><p>"Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example."</p><p>And that's exactly what a session ID is: an identifier whose possession grants access. As such, UUIDs should not be used in such a case.</p><p>What do you think? Is this nitpicking? Or a valid security nuance?</p><p>Does the format in which data is displayed have an impact on its security?</p><p>I'd love to hear your thoughts.</p><p><a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/BugBounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BugBounty</span></a> <a href="https://infosec.exchange/tags/Hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Hacking</span></a></p>
LMG Security<p>New mass scanning activity may be the first step in another MOVEit attack.</p><p>Hackers are actively scanning the internet for exposed MOVEit systems—hundreds of unique IPs every day—suggesting the early stages of coordinated exploitation.</p><p>Threat intel firm GreyNoise warns this is the same pattern seen weeks before past mass attacks. Known MOVEit vulnerabilities, such as CVE-2023-34362 and CVE-2023-36934, are already being tested in the wild.</p><p>If your MOVEit Transfer instance is online and unmonitored, you may already be on an attacker’s target list.</p><p>Now’s the time to:<br>• Patch all known MOVEit vulnerabilities<br>• Limit public-facing access<br>• Monitor for scan activity and open ports<br>• Block IPs identified by threat intelligence feeds<br>• Harden file transfer environments and deploy honeypots if needed</p><p>Scanning isn’t random—it’s reconnaissance. Act now before scanning turns into breach.</p><p>Read the article for details: <a href="https://www.cuinfosecurity.com/scans-probing-for-moveit-systems-may-be-precursor-to-attacks-a-28832" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cuinfosecurity.com/scans-probi</span><span class="invisible">ng-for-moveit-systems-may-be-precursor-to-attacks-a-28832</span></a></p><p><a href="https://infosec.exchange/tags/MOVEit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MOVEit</span></a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/MassScanning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MassScanning</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/AttackSurface" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>AttackSurface</span></a> <a href="https://infosec.exchange/tags/LMGSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LMGSecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/penetrationtesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>penetrationtesting</span></a></p>
LMG Security<p>More information on printer security, since they are often a cybersecurity blind spot!</p><p>Last week, we shared a warning about the unpatchable Brother printer vulnerability (CVE-2024-51978) that puts millions of devices at risk. If you haven’t updated your default admin passwords, do it now.</p><p>Since there was a lot of interest in this topic, we're sharing our classic, but still very relevant, on-demand webinar, "How I met your printer": <a href="https://youtu.be/b6d6RO2AFgw" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/b6d6RO2AFgw</span><span class="invisible"></span></a></p><p><span class="h-card" translate="no"><a href="https://infosec.exchange/@tompohl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tompohl</span></a></span> shares real-world techniques attackers use to exploit printers for initial access and lateral movement—exactly what we see in our penetration tests all the time.</p><p>If you haven’t tested your print infrastructure, now’s the time. Need help? 
Our pentest team can assess your network and highlight hidden vulnerabilities.</p><p><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybersecurity</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/PrinterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrinterSecurity</span></a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenetrationTesting</span></a> <a href="https://infosec.exchange/tags/LMGSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LMGSecurity</span></a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NetworkSecurity</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/ITsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsecurity</span></a> <br><a href="https://infosec.exchange/tags/penetrationtesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>penetrationtesting</span></a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentest</span></a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pentesting</span></a></p>
LMG Security<p>Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.</p><p>748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.</p><p>Attackers can:<br>• Gain unauthenticated admin access<br>• Pivot to full remote code execution<br>• Exfiltrate credentials for LDAP, FTP, and more<br>• Move laterally through your network</p><p>Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.</p><p>Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.</p><p>Need help testing your network for exploitable print devices? 
Contact us and our pentest team can help!</p><p>Read the Dark Reading article for more details on the Brother Printers vulnerability: <a href="https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">darkreading.com/endpoint-secur</span><span class="invisible">ity/millions-brother-printers-critical-unpatchable-bug</span></a></p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/PenetrationTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PenetrationTesting</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentesting</span></a> <a href="https://infosec.exchange/tags/PrinterSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PrinterSecurity</span></a> <a href="https://infosec.exchange/tags/BrotherPrinters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BrotherPrinters</span></a> <a href="https://infosec.exchange/tags/CVE202451978" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CVE202451978</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://infosec.exchange/tags/SMB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMB</span></a> <a href="https://infosec.exchange/tags/CISO" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>CISO</span></a> <a href="https://infosec.exchange/tags/Cyberaware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberaware</span></a> <a href="https://infosec.exchange/tags/DFIR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DFIR</span></a> <a href="https://infosec.exchange/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITSecurity</span></a> <a href="https://infosec.exchange/tags/ZeroTrust" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ZeroTrust</span></a> <a href="https://infosec.exchange/tags/PatchNow" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PatchNow</span></a> <a href="https://infosec.exchange/tags/Pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pentest</span></a></p>