Fabian Dellwing

@[email protected]
51 Followers
42 Following
179 Posts

Product Security Manager at MB connect line GmbH - OSCP/OSDA/BTL1 - Blue Team

My posts only contain my personal opinion and are not linked to what my employer thinks.

P.S. Yes, that picture is me. But it is over 20 years old 😜​

GitHubhttps://github.com/fdellwing
DiscordFabian DE#5386
Languages🇩🇪/🇬🇧
Fabian DellwingJan 13
@arnesemsrott Ich bin in einem Dilemma. Ich habe eine IFG Anfrage (https://fragdenstaat.de/a/357373), deren Ergebnis mMn sehr interessant sein könnte. Allerdings wird es diese Information nicht kostenlos geben. Ich weiß, dass die Kosten bei 500€ gedeckelt sind, aber das ist leider mehr als ich persönlich aktuell dafür zahlen kann. Denkst du es macht Sinn für diese Info ein Crowdfunding zu machen? Gibt es irgendeine andere sinnvolle möglich die privaten Kosten für mich zu senken?
Sämtliche Informationen und Kommunikation betreffend den Füllstand der Gasspeicher seit dem 06.05.2025

Sämtliche Informationen und Kommunikation betreffend den Füllstand der Gasspeicher seit dem 06.05.2025, insbesondere aber nicht ausschließlich: Gutachten Lieferverträge E-Mails und SMS von und an Ministerin Reiche

Fabian DellwingJun 26, 2025

#CVE-2025-49144 is such bullshit:

  • When you run an elevated exe, it can do what it wants, it doesn't need another exe for that.
  • It actually does nothing for you if you install 8.8.2, because it's the installer that is vuln.
  • You can't even download version 8.8.2 right now.

Can we please start enforcing CNA rules and actually restrict CNAs that break these rules? When we need CVEs for our products we need to be very precise and correct to not get our CNA in trouble and other CNAs just do what the want without any consequeces.

Fabian DellwingJul 3, 2024
@briankrebs Roll20 is informing its users that they had a data breach on the 29th of June. Possible compromised are first and last name, email address, last known IP and last 4 digits of credit card number.
Fabian DellwingMar 30, 2024

@eb Regarding https://boehs.org/node/everything-i-know-about-the-xz-backdoor

Jia Tan disabled the sandbox on Linux on 2024-02-26 with this commit: https://git.tukaani.org/?p=xz.git;a=blobdiff;f=CMakeLists.txt;h=d2b1af7ab0ab759b6805ced3dff2555e2a4b3f8e;hp=76700591059711e3a4da5b45cf58474dac4e12a7;hb=328c52da8a2bbb81307644efdb58db2c422d9ba7;hpb=eb8ad59e9bab32a8d655796afd39597ea6dcc64d

There is a dot present at the start of the first "empty" line making check_c_source_compiles always fail.

Everything I know about the XZ backdoor

Please note: This is being updated in real-time. The intent is to make sense of lots of simultaneous discoveries

Fabian DellwingMar 29, 2024

@cadey Regarding https://xeiaso.net/notes/2024/xz-vuln/

openSUSE Tumbleweed shipped the backdoored version for 21 days.

https://news.opensuse.org/2024/03/29/xz-backdoor/

liblzma and xz version 5.6.0 and 5.6.1 are vulnerable to arbitrary code execution compromise - Xe Iaso

Fabian DellwingOct 13, 2023
@thunderbird Are you aware of any problems with PGP decryption not working with PGP encrypted attachments? Worked fine beforehand, does not work with Supernova.
Fabian DellwingSep 26, 2023
What is your most annoying security bullshit software and why is it BitSight?
Fabian DellwingAug 22, 2023
Anybody seen this before?
Fabian DellwingAug 1, 2023
Travis Romero 🦸‍♂️Aug 1, 2023

To be honest I kind of hate "giveaways" because often times they are lame, but I have the opportunity to give away a pretty legit prize to one person and I also wanted to selfishly raise awareness to my podcast.

If you or someone you know is interested in entering for a chance to win a free Blue Team Level 1 certification voucher, all you have to do is subscribe to my podcast for free at https://www.infosecsidekick.com

I'll be releasing a conversation with the CEO, Joshua Beaman later today and announcing a winner later this week.

Please feel free to share, boost, and comment on this post to reach those that may benefit most from this.

I wish I could give away more than just one...maybe in the future I will...but for now, this is the best I can do and I hope it really helps someone out there kickstart their career growth.

#infosec #training #podcast #giveaway

Infosec Sidekick | Travis Romero | Substack

A Cyber Security Podcast run by a real practitioner with no motives other than the need to socialize. To support the show, please consider subscribing. Click to read Infosec Sidekick, by Travis Romero, a Substack publication with hundreds of subscribers.

Fabian DellwingJul 26, 2023

I'm happy to announce that I passed BTL1 first try with 90% score.

https://www.credly.com/badges/369367ef-1f53-48ab-8796-b6d457a0a846/public_url

Blue Team Level 1 (BTL1) was issued by Security Blue Team to Fabian Dellwing.

Earners of the Blue Team Level 1 Certification have showcased their practical ability to defend networks and systems from cyber threats through technical and hands-on defensive cybersecurity training. They have knowledge and ability across 5 security operations domains which include Phishing Analysis, Digital Forensics, Threat Intelligence, SIEM, and Incident Response.

Credly