Jonas Vestberg

@[email protected]
336 Followers
233 Following
146 Posts
Privilege Escalation Engineer @ WithSecure
Twitterhttps://twitter.com/bugch3ck
Githubhttps://github.com/bugch3ck
BlueSkyhttps://bsky.app/profile/bugch3ck.bsky.social
Jonas VestbergFeb 18, 2023
Disclosed today at the #Disobey conference - psexec from #impacket expose the target system for authenticated command execution as SYSTEM. That means any user that can authenticate over the network (usually Domain Users) can run code as SYSTEM over the network.
Jonas VestbergJan 3, 2023
Every parent knows...
Show threadJonas VestbergJan 2, 2023
Another one...
Jonas VestbergJan 2, 2023

Seems like there is a shady ad campaign on LinkedIn. The shortened LinkedIn url expands to the correct domain (hbl.fi). But if I click the ad i get to a completely different domain (bigroup.design) spoofing a newspaper (DN) and pushing Bitcoin Code.

Haven't looked at the redirect flow in Burp, but it could potentially be a vuln in LinkedIn, allowing link-spoofing in Promoted content.

Jonas VestbergDec 10, 2022
Jonas VestbergDec 6, 2022
Posted without comment. #softronic #akassorna
Show threadJonas VestbergDec 2, 2022
Howto not write an error message.
Jonas VestbergDec 2, 2022
So Norrköping municipality got owned? They have OWA and RDS exposed to the internet without obvious signs of MFA in place. 🤷‍♂️
Jonas VestbergNov 20, 2022
Henry Rollins is my spirit animal.
Jonas VestbergNov 20, 2022

RT @[email protected]

See if you can spot Dave Grohl cleverly hidden in this photo.

🐦🔗: https://twitter.com/ThatEricAlper/status/1593907013272145920

Eric Alper 🎧 on Twitter

“See if you can spot Dave Grohl cleverly hidden in this photo.”

Twitter