#pentesting

Man, this whole AI hype train... Yeah, sure, the tools are definitely getting sharper and faster, no doubt about it. But an AI pulling off a *real* pentest? Seriously doubt that's happening anytime soon. Let's be real: automated scans are useful, but they just aren't the same beast as a genuine penetration test.

Honestly, I think security needs to be woven right into the fabric of a company from the get-go. It can't just be an afterthought you tack on when alarms are already blaring.

Now, don't get me wrong, AI definitely brings its own set of dangers – disinformation is a big one that springs to mind. But here's the thing: we absolutely *have* to get our heads around these tools and figure them out. If we don't keep pace, we risk becoming irrelevant pretty quick.

So, curious to hear what you all think – where do the greatest pitfalls lie with AI in the security field? What keeps you up at night?

When I started the IC_Null channel the idea was to cover topics primarily about #cybersecurity, #hacking, #pentesting etc. from a #blind perspective. Blind as in #screenReader user, that is. But an overarching topic is showing off what jobs are (up to a point) doable for this demographic and where the obstacles are. Today's stream leans that way: we'll be looking at the premier #translation and #localization tool, Trados Studio. Supposedly they have upped their #accessibility as of late. I'll be the judge of that 💀
I'll see you all on #youtube and #twitch just under 1.5 hours from now. https://twitch.tvic_null youtube.com/@blindlyCoding #selfPromo #stream #trados


Whoa, the IT security world was on FIRE this week! 🤯 Open source supply chain attacks, malware sneaking into the Play Store, ransomware bypassing EDR... and is AI just pouring gasoline on the phishing flames?! Seriously intense! 😳 Cloud security's getting a raw deal and let's be real, backups are only as good as their security.

It's wild how rapidly the threat landscape's evolving, isn't it? Gotta stay sharp, folks! Automated vulnerability scans? They're definitely nice, but manual penetration tests are still essential. And AI? Awesome tech, but also seriously risky. Disinformation and manipulation are spiraling out of control. We've gotta stay vigilant!

So, what are *your* biggest IT security pain points right now? Spill the beans!

Alright folks, CISA's back at it again! 🚨 Looks like Advantive VeraCore and Ivanti EPM are currently in the spotlight.

SQL Injections and Path Traversal, the whole shebang! 🤯 What does this mean for us in the real world? Well, unpatched systems are basically a free lunch for attackers. And yeah, even the ones with fewer skills.

This totally reminds me of that last pentest where we almost took over the entire system with a simple SQLi. Ouch! 😅

So, what's the plan? Patch, patch, patch! And then? Check your configurations, crank up the hardening, and schedule regular pentests!

What security news is keeping you up at night these days? Spill the beans! 👇

Alright, Go developers, listen up! 🚨 Seriously crazy stuff is happening in the Go world right now. We're talking major typosquatting issues. Attackers are slithering in and spreading malware via fake packages, can you believe it?

So, for goodness sake, pay super close attention to the names of your modules! One little typo and bam! You've got yourself a nasty infection. As a pentester, I see this kind of thing all the time, sadly. Tiny mistakes, HUGE consequences. This malware then installs a backdoor. Totally not cool, right?

Therefore, check your imports, folks! And make sure you're getting your devs trained up on security. Automated scans? Nice to have, sure, but they're absolutely no substitute for a manual pentest! What are your go-to tools for fighting this kind of attack? Oh, and yeah, IT security *has* to be in the budget, that's just the way it is.

Hey everyone, what's cooking in the open-source universe? 🤯 I just stumbled upon something that's seriously mind-blowing.

So, there's this Python library pretending to be a music tool (automslc), but get this – it's actually illegally downloading songs from Deezer! And the worst part? It turns your computer into an accomplice in a huge music piracy operation. Seriously, a digital pirate cove. 🏴‍☠️

And then there's this npm saga with @ton-wallet/create... Crypto wallet emptied, just like that! 💸

The moral of the story? Open source rocks, but blindly trusting everything is a recipe for disaster. Always double-check those dependencies! Automated scans are cool, but a real penetration test? That's pure gold. 🥇

Clients are always so appreciative when we can spot and fix this kind of stuff beforehand!

Now, I'm curious: What are your go-to methods for keeping your codebase squeaky clean and secure? Any tips or tricks you'd like to share?

Take Your Pentesting Skills to the Next Level at OWASP Global AppSec EU 2025!

Join Dawid Czagan for the Full-Stack Pentesting Laboratory, a 100% hands-on 3-day training from May 26-28, 2025. This intermediate-level course is designed for security professionals looking to master modern attack vectors and apply real-world defensive countermeasures across the full tech stack.

owasp.glueup.com/event/123983/

We're hyped to announce our first snapshot of February! SecBSD 1.6! Synced with #OpenBSD -current

This is the result of the hard work of our team and the amazing contributions from the open-source community.

MIRRORS:
mirror.secbsd.org/pub/SecBSD/s
mirror.laylo.nl/pub/SecBSD/sna
zqsjg25lnx7zratmne3dhbcqt5paeh

SECBSD MEMBERS:
@h3artbl33d
@Banshee
@dw
@bsdbandit
Purple Rain

SPONSORS:
@laylo
@OpenBSDAms

True Story, bruh:

Back in the 90's people would go on about how superior emacs is as an editor. And some cheerleaders would hound me about why I "still" used (and still do today) vi... vim actually. Even for doing things like Usenet news, and the email client. Joe was in a lot of email readers, which is pretty much slobberproof, BUT...

My answer was and still is simple. I hack and break things for a living. I've never seen emacs installed on a bridge, router, or frankly any other network device. Hell, when the web came around, emacs was only rarely on those servers, either. But ed and vi is (was?) on pretty much all of them.

So that's what I learned. And my personal ecosystem and workflow is all about vi(m) and nothing about emacs.

Even though I'm a Lisp cheerleader, lol.

Do I hate emacs? No, but I do very much dislike the overpowering smell of religion that seems to permeate its very existence, like those dirty air lines fuming from the Peanuts character Pigpen.

Some call me a space cowboy. Some call me a gangsta of #Lisp :ablobdj: