mastouille.fr is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastouille is a sustainable, open Mastodon instance hosted in France.

#offsec


Microsoft Copilot for SharePoint just made recon a whole lot easier. 🚨
 
One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...
 
It opened the door to credentials, internal docs, and more.
 
All without triggering access logs or alerts.
 
Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.
 
That’s a problem.
 
Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.
 
📌Read it here: pentestpartners.com/security-b

#introduction

Hi, my name is Lucid.H3X. I'm an infosec nut! I love all things security and tech. My main interests are in WiFi and cloud-based security, as well as AI, since it's the new cutting edge of the cyberworld, not to mention I have a huge fascination for malware and how it's made and works as well. I also enjoy playing old retro 8-bit games. It's kinda a problem. When I'm not studying for a cert or in some rabbit hole hacking and tinkering, you can find me most likely out and about at local furry meets or hanging out with my family. FOSS and Crypto supporter ❣️

If you love #wardriving #cybersecurity #infosec #furry #retrogames #retrogaming and all things #tech and #privacy #hacking #osint #offsec related then add me!

PS I'm a pretty big dork and tend to go on huge rants so be warned ahead of time nerds!

Stay Fluffy and Nerdy,

Lucid.H3X

@BSidesNYC 0x03 Recap: In this session, François Proulx discusses what goes on behind the scenes of #supplychainattacks through the lens of SLSA (Supply chain Levels for Software Artifacts), a threat model designed to tackle these emergent threats.

youtube.com/watch?v=gpqLgEqp_j

I'm not well-versed in the many intricacies of production memory controller hardware devices. For those memory controllers that support ECC RAM, do they usually provide a query interface granular enough to peek at cell parity data?

If so, would it at all make sense to use cell parity data as a communications side channel or out-of-band ephemeral storage?

It's been about a week since this happened so I'm probably cool-headed enough to talk about it. First a little background info.

A sales person from Offensive Security (offsec.com/) has been trying to reach out to me for days. First by work email, which I ignored, then through my personal LinkedIn account, which I also ignored.

Then, last week, my son texts me and says, "some guy called me looking for you. I told him I was your son and he said he would try to email." I know that absolutely no one in my professional circle has my son's personal cell number, so I asked him to send me the number that called him.

I call the number back and it's the sales guy from Offensive Security. I immediately asked him how he got my son's number and found out it was part of a ZoomInfo (zoominfo.com/) record for me. I told him to immediately delete any record he has with my son's information.

I then let him know in no uncertain terms that his company was using some shady data gathering practices if they had my son's cell number and because of that I will personally never do business with OffSec again. I also made it clear that he should never reach out to me again.

Even though I hold the #OSCP and #OSCE certifications and even though they were a career changer for me and for my colleagues, I will no longer do business with their company.
