det.social

Xavier «X» Santolaria :verified_paw: :donor:🔥 Latest issue of my curated <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> list of resources for week #33/2025 is out!It includes the following and much more:🗓️ 🩹 August Patch Tuesday;🇺🇸 🇷🇺 U.S. government seized $1 million in <a href="https://infosec.exchange/tags/Bitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Bitcoin</a> from Russian ransomware gang;🤖 🔓 OpenAI's GPT-5 has faced backlash for poor performance in security and safety;📂 🔓 <a href="https://infosec.exchange/tags/WinRAR" class="mention hashtag" rel="nofollow noopener" target="_blank">#WinRAR</a> vulnerability exploited;🧨 New MadeYouReset HTTP/2-based DDoS Attacks;🎣 ✈️ Booking.com phishing campaign uses sneaky 'ん' character to trick you;📨 Subscribe to the <a href="https://infosec.exchange/tags/infosecMASHUP" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosecMASHUP</a> newsletter to have it piping hot in your inbox every week-end ⬇️<a href="https://infosec-mashup.santolaria.net/p/infosec-mashup-33-2025" rel="nofollow noopener" translate="no" target="_blank">https://infosec-mashup.santolaria.net/p/infosec-mashup-33-2025</a>

Laurent CheylusOpenSSH Post-Quantum Cryptography - OpenSSH 10.1 will warn the user when a non post-quantum key agreement scheme is selected, can be disabled with "WarnWeakCrypto" option <a href="https://bsd.network/tags/Infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infosec</a> <a href="https://bsd.network/tags/Cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cryptography</a> <a href="https://www.openssh.com/pq.html" rel="nofollow noopener" target="_blank">https://www.openssh.com/pq.html</a>

Shodan SafariASN: AS12167 Location: Dallas, US Added: 2025-08-14T21:39<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

CryspenHow do we prove our cryptography is secure? 🧐Join a talk by our Chief Researcher, Karthikeyan Bhargavan, on the rise of formally verified crypto! Learn how libraries like HACL* & libcrux are securing Firefox, Signal & OpenSSH with formally verified guarantees, even against quantum computers. 🛡️We'll cover recent breakthroughs, challenges, and a vision for verifying giants like OpenSSL.<a href="https://ioc.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptography</a> <a href="https://ioc.exchange/tags/formalverification" class="mention hashtag" rel="nofollow noopener" target="_blank">#formalverification</a> <a href="https://ioc.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://ioc.exchange/tags/PQC" class="mention hashtag" rel="nofollow noopener" target="_blank">#PQC</a> <a href="https://ioc.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://cfp.openssl-conference.org/openssl-conference-2025/talk/NPWQHG/" rel="nofollow noopener" translate="no" target="_blank">https://cfp.openssl-conference.org/openssl-conference-2025/talk/NPWQHG/</a>

Shodan SafariASN: AS12322 Location: Saint-Étienne, FR Added: 2025-08-14T17:46<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Shodan SafariASN: AS132300 Location: Bangkok, TH Added: 2025-08-14T20:21<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

BobDaHacker 🏳️‍⚧️ | NB🎢 Hacked South Park's Casa Bonita. Could access their entire POS system and see all customer payments/tips and more 😬Technical details:<ul><li>Founders Club admin panel: No auth required, all member emails exposed</li><li>POS registration: Form disabled client-side only, API endpoint still functional</li><li>Reservation enumeration: Sequential IDs exposed full customer data</li><li>Full control over customer tabs, payments, and inventory</li><li>Supabase misconfiguration: Public signups triggered automated membership cards</li></ul>No security.txt anywhere. Had to email parkcounty.com addresses then get help from my friend whose company partners with South Park.Fixed fast but never thanked me. Got a Founders Club card 6 months later though, because the system automatically sends them 😂Full Technical Writeup: <a href="https://bobdahacker.com/blog/i-hacked-southpark" rel="nofollow noopener" translate="no" target="_blank">https://bobdahacker.com/blog/i-hacked-southpark</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> <a href="https://infosec.exchange/tags/responsibleDisclosure" class="mention hashtag" rel="nofollow noopener" target="_blank">#responsibleDisclosure</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/southpark" class="mention hashtag" rel="nofollow noopener" target="_blank">#southpark</a> <a href="https://infosec.exchange/tags/CasaBonita" class="mention hashtag" rel="nofollow noopener" target="_blank">#CasaBonita</a>

BobDaHacker 🏳️‍⚧️ | NB🍔 Found huge security flaws in McDonald's - crew members could access sites reserved for corporate employees with internal functions, API keys exposed, and more. Had to call their HQ and pretend to know people just to report it 🤦Technical details:<ul><li>Design Hub: Used to be client sided password, Registration endpoint exists and works even tho they dont want signups</li><li>TRT portal: Crew accounts could enumerate/impersonate all employees from general manager to CEO</li><li>GRS panel: Complete authentication bypass, arbitrary HTML injection</li><li>Magicbell API keys/secrets exposed in client-side JS</li><li>Algolia indexes listable with user PII</li><li>CosMc's: Server-side validation missing for coupon redemption</li></ul>They fixed it but fired my friend who helped find the OAuth vulnerabilities.Full Technical Writeup: <a href="https://bobdahacker.com/blog/mcdonalds-security-vulnerabilities" rel="nofollow noopener" translate="no" target="_blank">https://bobdahacker.com/blog/mcdonalds-security-vulnerabilities</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/bugbountry" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbountry</a> <a href="https://infosec.exchange/tags/responsibledisclosure" class="mention hashtag" rel="nofollow noopener" target="_blank">#responsibledisclosure</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a>

Shodan SafariASN: AS4134 Location: Shenzhen, CN Added: 2025-08-13T21:18<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Mike ShewardMini Pen Test Diaries story, happened in the last couple of years. The debrief meeting went like this:“In your report you said you we’re able to crack the domain admin account instantly because the password was stored using the LM hash?”“That’s right, yes.”“But we’ve had LM hashing disabled for like 15 years, that can’t be possible?!”“When was the last time that password was changed?”“Well it’s been the same since I got here, 20 years ago.”“And what hashing mechanism do you think was used back then?”“Oh no."For more, less mini stories like this, check out <a href="https://infosecdiaries.com" rel="nofollow noopener" translate="no" target="_blank">https://infosecdiaries.com</a>.<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentest</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#redteam</a>

Dumb Password RulesThis dumb password rule is from Coventry Building Society.Password has to be between 6 and 10 characters, can't contain any punctuation and you have to give characters from it on the phone to confirm identity.<a href="https://dumbpasswordrules.com/sites/coventry-building-society/" rel="nofollow noopener" translate="no" target="_blank">https://dumbpasswordrules.com/sites/coventry-building-society/</a><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener" target="_blank">#password</a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener" target="_blank">#passwords</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/dumbpasswordrules" class="mention hashtag" rel="nofollow noopener" target="_blank">#dumbpasswordrules</a>

Elias MårtensonThe <a href="https://functional.cafe/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> product universe is weird. They sure are into trying to sell magic bullets. What in the world is "AI boot verification"?

Shodan SafariASN: AS24940 Location: Falkenstein, DE Added: 2025-08-14T09:41<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Shodan SafariASN: AS132203 Location: Singapore, SG Added: 2025-08-12T20:46<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Shodan SafariASN: AS11525 Location: Greenwood, US Added: 2025-08-14T05:13<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Shodan SafariASN: AS29802 Location: New York City, US Added: 2025-08-14T18:24<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Shodan SafariASN: AS48551 Location: Shiraz, IR Added: 2025-08-15T01:09<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Shodan SafariASN: AS29119 Location: Aranda de Duero, ES Added: 2025-08-15T01:18<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Shodan SafariASN: AS17996 Location: Sleman, ID Added: 2025-08-14T04:07<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Shodan SafariASN: AS16276 Location: Calais, FR Added: 2025-08-12T23:23<a href="https://infosec.exchange/tags/shodansafari" class="mention hashtag" rel="nofollow noopener" target="_blank">#shodansafari</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Recent searches

Search options

Administered by:

Server stats:

#infosec