Cirio

An avid listener and reader, an infrequent speaker. I am mostly interested in technical infosec content, and I love to learn how things work.

Cirio boosted:
2025-05-21

🚨 *Attention!* We were made aware of a fake “KeePassXC Password Manager Pro” repository on GitHub that links to unverified external binary downloads.
- There is NO Pro version of KeePassXC!
- You get all the “Pro” features with the regular version.
Please download KeePassXC only from trusted distribution channels linked on keepassxc.org/ !

Screenshot of the fake “KeePassXC Pro - Ultimate Security Solution” README. Screenshot of the fake Pro features.
Cirio boosted:
CatSalad🐈🥗 (D.Burch) :blobcatrainbow: catsalad@infosec.exchange
2025-05-17
2025-05-10

@Viss I swore to myself I would never watch any Star Wars spin-offs again, but curiosity got the better of me.
This is what Star Wars should be. It's like, after so many years, someone said: "Hey, what if we actually used all the awesome potential of a fictional world where dictatorship creeps up both within institutions and on external worlds".

Cirio boosted:
2025-05-06

In today's episode of All Software Sucks:

If you add a disk to a Windows 11 VM in VMware Workstation, do stuff, power the VM down, and remove the VMDK file, you have painted yourself into a corner.

You will not be able to revert to a snapshot prior to that disk existing because
*checks notes*
VMware needs for the disk to be there and have the correct encryption key before it will allow you to revert to another snapshot where the disk doesn't exist.

Workaround: add a disk with the same path name to the VM, and then restore your snapshot. 🤦‍♂️

vmware.log:2025-05-05T17:10:43.549Z Er(02) worker-19608 DISKLIB-LINK  : DiskLinkOpen: Failed to open 'd:\out\aomei_temp.vmdk': : Cannot decrypt disk because key or password is incorrect
vmware.log:2025-05-05T17:10:43.549Z Er(02) worker-19608 DISKLIB-CHAIN : DiskChainOpen: "d:\out\aomei_temp.vmdk": failed to open: Cannot decrypt disk because key or password is incorrect.
vmware.log:2025-05-05T17:10:43.549Z In(05) worker-19608 DISKLIB-LIB   : Failed to open 'd:\out\aomei_temp.vmdk' with flags 0x110005 Cannot decrypt disk because key or password is incorrect (26).
vmware.log:2025-05-05T17:10:43.549Z Er(02) worker-19608 DISKLIB-LIB_MISC   : DiskLibEnumExtents: Failed to open 'd:\out\aomei_temp.vmdk': Cannot decrypt disk because key or password is incorrect
vmware.log:2025-05-05T17:10:43.549Z In(05) worker-19608 DISK:DiskAutoDetectVirtualSSD: Failed to enumerate disk: 'd:\ou\aomei_temp.vmdk'. Reason: Cannot decrypt disk because key or password is incorrect.
vmware.log:2025-05-05T17:10:43.696Z In(05) vmx USBGW: Skipping disk backing for path(d:\out\aomei_temp.vmdk).
Cirio boosted:
2025-05-06

There's a powerful (and dangerous) runtime that's been overlooked by the bad guys, but you need to know about it. This is an introduction to Deno and its offensive capabilities.

taggart-tech.com/evildeno/

2025-05-05

@GossiTheDog They may however generate alerts when using said secrets to further pwn your network.

Cirio boosted:
2025-05-03

Mini Pen Test Diaries Story:

During the open-source enumeration phase of an external footprint test, I found a virtual machine that bore the name of the client in its NetBIOS response in Shodan.

Connecting to the machine over HTTP, I found a web app that was very relevant to the industry of the client - so I knew it was likely related.

The strange thing, however, was that Shodan was telling me NetBIOS and SMB were open (that’s how I found the machine in the first place), but I was unable to connect to it over SMB. Port scan showed closed.

I needed to figure out why Shodan was telling me one thing, but my reality was different.

The machine was hosted in Azure, so I figured I’d try rerunning my port scan from a source IP in my own Azure account, to see if I’d get a different result.

Sure enough, SMB was open when scanned from an Azure machine. They’d opened it up to any IP in Azure. No auth. Just an open file share accessible to anyone who was connecting to it from an Azure public source IP.

I reported it, and it turned out that the machine was hosted by a vendor on behalf of the client.

The vendor was insistent that my description of “public access to SMB share” was wrong, since technically it wasn’t open to the internet - just to Azure.

I then pointed out that hey, Azure is a famous example of a “public” cloud for a reason.

They fixed it.

Lesson: always try from different perspectives, such as from within the same provider's IP space; you might find what I found.

For more (slightly less mini) stories like this one, check out infosecdiaries.com

#infosec #pentest #pentesting

Cirio boosted:
2025-05-01

Since @wdormann is quoted in this piece and I can't find Dan Wade's handle, I'm tagging him in.

Is this suggesting that the RDP cred cache never gets updated? Ever ever?

Also what's up with this?

Old credentials continue working for RDP—even from brand-new machines.

That makes no sense at all.

arstechnica.com/security/2025/

2025-04-29

SK Telecom cyberattack: Free SIM replacements for 25 million customers
bleepingcomputer.com/news/secu

- Didn't realize these guys were compromised so deeply
- At least they seem to own up to it and take the necessary steps. I'm not sure every operator would have done that.

#telco

Cirio boosted:
Fi 🏳️‍⚧️ munin@infosec.exchange
2025-04-29

@tinker

RECURSION (n.) see: RECURSION

2025-04-27
A meme:
* The image: A guy driving
* Upper description: My pull request was merged
* Lower description: Today was a good day
2025-04-26

@jerry Did they have a pleasant chat with your dog?

Cirio boosted:
2025-04-26

To my Canadian friends who have an important election next week, I’ll give you some advice my dad once gave me, which has stuck with me all these years and seems very relevant to this situation:

“Jerry” he said
“Don’t fuck it up”

2025-04-26

For the first time in my life, I used Android Studio today, and wow, did I not like it... An insane factory that froze my VM several times over, all that to handle stuff that I did NOT ask it to handle, such as the sync with GitHub.

Then again, it may just be the whole modifying an android app thing that I disliked.

2025-04-25

@SwiftOnSecurity "Regular user to domain admin is not a security boundary"

Cirio boosted:
VissViss
2025-04-24

If you dig the original Benny Benassi track, then you might be pleased to know that it was included in the Cyberpunk 2077 soundtrack and sampled into the track 'Cyberwildlife Park'. It definitely made for good 'fight the giant moosey cyborg humans' music!

archive.org/details/cyberpunk-

2025-04-24

Fortunately, we will still have years of non-updated appliances popped. Not even mentioning their abomination of a web-mode VPN that they STILL maintain. Or the truckload of vulnerabilities in their VPNSSL that they will never patch even after disclosure because, you know, not supported anymore.

They still manage to disappoint even when they go in the right direction...

2025-04-24

docs.fortinet.com/document/for

Let's take a moment to reflect on the not-at-all fond memories that we have of #Fortigate VPNSSL and how we will absolutely not miss it.

I swear, the general level of security on the internet will soar with just this decision!

2025-04-24

The only reason I realized that is because I still want to protect some web app of mine and I can't use basic authentication.
That's when I realized (with horror) that it's not possible to do client certificate auth, nor to configure a proxy, at the Firefox level...

2025-04-24

We're in April 2025, and in the latest release of Firefox for Android beta, we can FINALLY use TLS client certificates for authentication!!! :ablobcatmaracasevil:
