A File Format Uncracked for 20 Years: Part 2

https://landaire.net/a-file-format-uncracked-for-20-years-part-2/

Read on HackerWorkspace: https://hackerworkspace.com/article/a-file-format-uncracked-for-20-years-part-2

#cybersecurity #exploit #penetrationtesting

Social Engineering Exposes Vulnerability in Corporate Networks

A clever phone call can be all it takes to breach a corporate network - just ask Brandon Dixon, a former penetration tester who convinced an IT security team to hand over root access by pretending to be their boss. With a simple social engineering trick, Dixon was able to reset his "password" and gain unrestricted access…

https://osintsights.com/social-engineering-exposes-vulnerability-in-corporate-networks?utm_source=mastodon&utm_medium=social

#SocialEngineering #Challengeresponse #MfaBypass #PenetrationTesting #EmergingThreats

The Bug Bounty Roadmap I'd Follow If I Started Over (With AI)

https://www.youtube.com/watch?v=kujCmXELWqo

#aisecurity #vulnerability #penetrationtesting

How I Got RCE by Bypassing a JavaScript Sandbox

https://www.youtube.com/watch?v=P7naqW180rE

#vulnerability #exploit #penetrationtesting

Sorry.

https://www.youtube.com/watch?v=CjC_9gkqLOo

#cybersecurity #authentication #penetrationtesting

iX-Workshop: Active Directory hacken und schützen

Werden Sie selbst zum Hacker und lernen, wie Angreifer gezielt Schwachstellen in Active Directory ausnutzen, um Server und Domänencontroller zu kompromittieren.

https://www.heise.de/news/iX-Workshop-Active-Directory-hacken-und-schuetzen-11280076.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#ActiveDirectory #Hacking #IT #iXWorkshops #Microsoft #PenetrationTesting #Security #news

Now You See Me: AADGraphActivityLogs

https://cloudbrothers.info/en/aadgraphactivitylogs/

Read on HackerWorkspace: https://hackerworkspace.com/article/now-you-see-me-aadgraphactivitylogs

#cybersecurity #threatintelligence #penetrationtesting

How Hackers Hack Phones In Seconds

https://www.youtube.com/watch?v=vAocLlO7Eqc

#cybersecurity #privacy #penetrationtesting

SERIOUSLY? AGAIN?

I feel like all these bugs (see also Apache Server, Firefox, etc.) are being discovered with Mythos, and they're just slowly trying to patch as many as they can before releasing the 'New Model'.

https://www.youtube.com/watch?v=8s9jaIPR7PU

#cybersecurity #vulnerability #penetrationtesting

World Password Day. The finding that should sting: roughly 60% of credential issues from real pentests this year came from factory defaults still running. FTP, RDP, Redis, Telnet. No brute-forcing needed.

Dragos Sandu, Product Manager at Pentest-Tools.com, shared the data with IT Security Guru. Full piece: https://www.itsecurityguru.org/2026/05/07/world-password-day-2026-the-credential-crisis-hasnt-gone-away-its-just-got-more-dangerous/

#offensivesecurity #penetrationtesting