Tom Pohl

My mission is to humbly serve the curious with excitement!

2025-02-26

Hacking Webapps for Fun and Profit!
youtu.be/vN4lOAuibcc?si=UqR_PA

I had a really great time putting this presentation together and hopefully it'll inspire you to look at your applications more critically and fix them before someone malicious finds them!

#PenTesting #WebApplication

Tom Pohl boosted:
2025-02-20

Are Your Web Apps an Open Door for Hackers?

Imagine spending months perfecting your web app, only to find it leaking data like a sieve. Scary, right? That’s exactly what happens when common security flaws go unchecked.

In LMG Security’s latest blog, @tompohl shares jaw-dropping real-world web application security attack case studies from the field, including:

▪ Command Injection Jackpot – A hidden file upload flaw led to full server control.
▪ API Admin Takeover – An overlooked endpoint allowed attackers to create Super Admin accounts.
▪ Heap Dump Disaster – A debugging tool exposed Active Directory credentials and user tokens.

Read the full blog to learn how hackers target web apps and how to lock them down: lmgsecurity.com/common-web-app

#Cybersecurity #Security #ITsecurity
#WebAppSecurity #APISecurity #PenTesting #CISO #WebApp #WebApplication #pentest #penetrationtesting #Infosec #DFIR

Tom Pohl boosted:
2024-12-12

Cybercriminals are targeting APIs and costing businesses an estimated $75B annually! With rising Web App API attacks, we sat down with our Penetration Testing Team Manager @tompohl to learn why Web App API penetration testing is crucial and five things every API pentest should include. Check out our new blog: ow.ly/QSw050UpBIy

#Cybersecurity #APISecurity #API #pentest #PenetrationTesting #WebApp #infosec #CISO #Security

2024-12-09

@epixoip @baybedoll congratulations!!! I am so happy for all of you!!!

2024-08-22

Are you curious about post-exploitation of @F5 BIG-IPs? Check out my latest video on some techniques after you’ve compromised a box!
youtu.be/WKEX53S3DSI?si=QzBiyF

2024-04-19

@kandi3kan3 hello! Long time no see! Andy told me you said hi!

2024-04-08

Thanks to @secdsm for letting me come and give my presentation: “I Know What Your Network Did Last Summer!” Such a good time reconnecting with everyone!

youtu.be/wwZuSpDP4YY?si=8u0t4V

2024-02-26

If you haven’t patched the ScreenConnect vulnerability, I would bet your network is already compromised. I made a quick video to help you tell if your installation is vulnerable.

youtu.be/ud5FP-wHOcs?si=w6Owk8

2024-01-05

Watch this: I recently stayed in a fancy hotel in Times Square and show how easy it is to clone my room key card with a Flipper Zero.
youtu.be/F3Xiej-ChgE?si=3ny_cD

Tom Pohl boosted:
2023-12-20

Watch our new technical #pentest "Hack of the Week" with @tompohl! This week, Tom gains access to a UPS battery backup & uses it to get password hashes for admin users. He'll share how he did it & how to avoid this #cybersecurity gap.
youtu.be/VPVDJQHF5sY
#pentesting #DFIR #IT

2023-12-01

Watch as @sherridavidoff and I demonstrate a full network takeover, starting with zero access from the Internet by exploiting the latest F5 vulnerability! We also share advice on how to thwart attackers with simple configuration changes.

youtube.com/watch?v=KkpVLEiF8A

#hacking #infosec #F5

2023-11-08

So after coming home from work every week and telling @sherridavidoff about a great hack the team has done, she started recording me telling stories, and now it’s a whole thing and we’ve made a sub-channel on YouTube for my weekly pentesting tips! Here is the latest.
youtube.com/playlist?list=PL1L

2023-11-07

@lordgaav Thanks Nick!

2023-10-31

@BobertHepker Thank you! I really enjoyed bringing it to you!

Tom Pohl boosted:
2023-10-20

Watch this week's new technical #pentesting video to see @tompohl leverage one of his favorite #pentest attack targets--the #printer! He'll show you how hackers can circumvent an internal firewall & how to reduce your risk. youtu.be/6blbF0OjuMY?feature=s
#DFIR #cybersecurity #IT

2023-10-17

@calin2k ha! True but then you wouldn’t have anything you could drink your woes away with 🤣

2023-10-08

@educoder thank you!! I’m so glad you enjoyed it!

2023-10-06

@tartas1995 Thanks! I’m really glad you enjoyed it!!

2023-10-04

@takeitev Thanks! I really appreciate it!

2023-09-18
