Pentagrid AG

Pentagrid performs technically solid IT security assessments.

2024-12-11

A story about looking at the effectiveness of web application firewalls and finding bypasses for the filter ruleset. pentagrid.ch/en/blog/airlock-w #WAF #OWASP #coreruleset #ergon #airlock

2024-12-06

Pentagrid published two #Hackvertor tags for #EAN13 (also Swiss AHV numbers) and #TOTP for #2FA. These tags are available via the Hackvertor Tag Store by @garethheyes. Our blog post explains what these tags do and how they can be used. pentagrid.ch/en/blog/hackerver #pentest #OWASP

2024-10-02

Pentagrid is looking for an IT security analyst (d/f/m) in Buchs SG, Switzerland. pentagrid.ch/en/pages/career/ #FediHire #infosec

2024-06-17

Today, our certificate transparency monitoring popped up with an InvalidSignature exception, because we didn't add the recent Let's Encrypt intermediate CAs as monitoring trust anchors. We updated the documentation accordingly, but it is good to see it working. If you want to monitor your certificates, you may run your own instance. github.com/pentagridsec/check-

2024-06-10

If you want to protect your IT #infrastructure against #MITM attacks where an attacker bypasses domain verification to obtain valid certificates, you may want to use #CAA and #accountURI binding, which is easy to set up. pentagrid.ch/en/blog/domain-ve #hardening

2024-06-05

Our colleague Michael will be speaking about #Unify #OpenScape and #OpenStage #VoIP phones at the #Area41 security conference in Zurich on June 6. If you use these VoIP systems, we recommend coming to the talk.

2024-06-05

It happened again. We accidentally broke another #hotel check-in #terminal. This time Mr O'Yolo triggered a problem, crashed the #Ariane Allegro Scenario Player and escaped the #kiosk mode, which enabled access to the Windows Desktop: pentagrid.ch/en/blog/ariane-al #itsecurity #infosec

2024-04-02

This is not a late April Fool's joke: After #37C3, we accidentally dumped the keypad codes of almost half of an IBIS hotel's rooms by entering some dashes into a check-in terminal: pentagrid.ch/en/blog/ibis-hote #itsecurity #infosec #ibis #accor #terminal #hotel

2023-12-11

Multiple vulnerabilities affecting #Atos #Unify IP Devices - the vendor published OBSO-2312-01: networks.unify.com/security/ad

2023-12-08

♫ Ground control to Major Tom, take the patch and put secure mode on. ♫ github.com/pentagridsec/openst #openstage #openscape #unify

2023-11-14

Summer is clearly over and silly season, too. We saw neither alligators in the swimming lake nor lions in town, but a snake curling through the infrastructure. It was a #python. A few email-related Python libraries do not check server certificates. It is nothing new, but still a bit surprising in 2023 and not everyone got the memo.

pentagrid.ch/en/blog/python-ma
#itsecurity #infosec #pentesting #python #email #bugbounty

2023-10-17

I think a 9.0 for CVE-2023-42629 is a bit overrated, because of PR:L, but anyway Liferay publishes an advisory for this: liferay.dev/portal/security/kn

2023-10-17

The #Liferay Portal software < 7.4.3.88 respectively < 7.4.3.92 is affected by persistent cross-site-scripting vulnerabilities. pentagrid.ch/en/blog/stored-cr #itsecurity #infosec #pentesting

2023-10-03

We wrote a tool in Python that generates file archives such as zip, tar and cpio containing path traversal attacks: pentagrid.ch/de/blog/archive-p #itsicherheit #informationssicherheit #pentesting

2023-10-03

We wrote a tool in Python to create file archives such as zip, tar and cpio that include path traversal attacks: pentagrid.ch/en/blog/archive-p #itsecurity #infosec #pentesting

2023-09-19

We analysed the security of a #WindRiver #VxWorks (the operating system that also runs on NASA's Curiosity Mars rover) embedded device and found a critical vulnerability in the #tarExtract function: pentagrid.ch/en/blog/wind-rive #itsecurity #infosec #pentesting #cisa #vxworks

2023-09-18

We took a look at the Liechtenstein #Gesundheitsdossier and the underlying portal software #Liferay. As a result, we found vulnerabilities in Liferay and weaknesses in the IT setup: pentagrid.ch/de/blog/it-sicher #itsicherheit #informationssicherheit #eHealth #eGD
