Tom Pohl

@tompohl@infosec.exchange
293 Followers
255 Following
49 Posts
My mission is to humbly serve the curious with excitement!
MiniCTF: http://tompohl.com/bio.png
Twitter: https://twitter.com/tompohl
Keybase: https://tompohl.keybase.pub/mastodon.html

“You think it’s just a light bulb—but it’s not off. It’s watching, listening… maybe even hacking.”

LMG Security’s @tompohl revealed how $20 smart outlets and light bulbs can be exploited for WiFi cracking, evil twin attacks, and stealth monitoring—turning everyday gadgets into real-world threats.

In our latest blog, we’ll share:

▪ How attackers can exploit everyday IoT gadgets to breach your organization
▪ Advice on how to lock down your smart tech
▪ Tips on segmentation, firmware auditing, and red teaming

Read the blog: https://www.lmgsecurity.com/i-have-the-power-iot-security-challenges-hidden-in-smart-bulbs-and-outlets/

#IoTSecurity #Cybersecurity #SmartDevices #LMGSecurity #Cyberaware #IoT #Cyber #Tech #CISO #IT #PenetrationTesting #RogueDevices #BSidesDesMoines #Infosec #ITsecurity

I Have the Power: IoT Security Challenges Hidden in Smart Bulbs and Outlets | LMG Security

Did you know smart bulbs and outlets could be spying, attacking, or failing silently? Read our advice on how to tackle IoT security challenges in your network!

LMG Security

Hacking Webapps for Fun and Profit!
https://youtu.be/vN4lOAuibcc?si=UqR_PA6aHpNiKTnc

I had a really great time putting this presentation together and hopefully it'll inspire you to look at your applications more critically and fix them before someone malicious finds them!

#PenTesting #WebApplication

Hacking Web Apps for Fun and Profit

YouTube

Are Your Web Apps an Open Door for Hackers?

Imagine spending months perfecting your web app, only to find it leaking data like a sieve. Scary, right? That’s exactly what happens when common security flaws go unchecked.

In LMG Security’s latest blog, @tompohl shares jaw-dropping real-world web application security attack case studies from the field, including:

▪ Command Injection Jackpot – A hidden file upload flaw led to full server control.
▪ API Admin Takeover – An overlooked endpoint allowed attackers to create Super Admin accounts.
▪ Heap Dump Disaster – A debugging tool exposed Active Directory credentials and user tokens.

Read the full blog to learn how hackers target web apps and how to lock them down: https://www.lmgsecurity.com/common-web-application-security-attacks-real-world-lessons-from-the-field/

#Cybersecurity #Security #ITsecurity
#WebAppSecurity #APISecurity #PenTesting #CISO #WebApp #WebApplication #pentest #penetrationtesting #Infosec #DFIR

Common Web Application Security Attacks: Real-World Lessons from the Field | LMG Security

Learn common web app attack strategies! We share how web apps get hacked, common attack tactics, and web application security strategies to keep your organization safe.

LMG Security

Cybercriminals are targeting APIs and costing businesses an estimated $75B annually! With rising Web App API attacks, we sat down with our Penetration Testing Team Manager @tompohl to learn why Web App API penetration testing is crucial and five things every API pentest should include. Check out our new blog: https://ow.ly/QSw050UpBIy

#Cybersecurity #APISecurity #API #pentest #PenetrationTesting #WebApp #infosec #CISO #Security

The Critical Role of API Penetration Testing in Your Web App Security Strategy

Web App API penetration testing is frequently overlooked, but APIs are a growing target for attackers. Learn why API penetration testing is crucial and get some tips for what to include in an effective testing program.

LMG Security
Are you curious about post-exploitation of @F5 BIG-IPs? Check out my latest video on some techniques after you’ve compromised a box!
https://youtu.be/WKEX53S3DSI?si=QzBiyFf2uT20Rh4X

@kandi3kan3 hello! Long time no see! Andy told me you said hi!

Thanks to @secdsm for letting me come and give my presentation: “I Know What Your Network Did Last Summer!” Such a good time reconnecting with everyone!

https://youtu.be/wwZuSpDP4YY?si=8u0t4VRoDkXxa1Xz

I know what your network did last summer.

YouTube

If you haven’t patched the ScreenConnect vulnerability, I would bet your network is already compromised. I made a quick video to help you tell if your installation is vulnerable.

https://youtu.be/ud5FP-wHOcs?si=w6Owk8EGu6lGs0NQ

Demo of the ConnectWise ScreenConnect Vulnerability

YouTube
Watch this: I recently stayed in a fancy hotel in Times Square and show how easy it is to clone my room key card with a Flipper Zero.
https://youtu.be/F3Xiej-ChgE?si=3ny_cDT_xLC8_wn0
Tom's Pentest Hack of the Week #10: Watch the Flipper Zero in a Physical Penetration Test

YouTube
Watch our new technical #pentest "Hack of the Week" with @tompohl! This week, Tom gains access to a UPS battery backup & uses it to get password hashes for admin users. He'll share how he did it & how to avoid this #cybersecurity gap.
https://youtu.be/VPVDJQHF5sY
#pentesting #DFIR #IT
Tom's Pentest Hack of the Week #8: Using Default Credentials for UPS Battery Backup

YouTube