Okla.Social

0x40kHey everyone, does this sound familiar? You install a Python package and suddenly feel like you've been robbed blind? 😂Right now, there's a nasty campaign going on targeting PyPI, and it's misusing "time" utilities to swipe cloud credentials. Get this – it's already had over 14,000 downloads! The malware hides in packages that are *supposed* to just check the time. But instead, they're snatching cloud keys (AWS, Azure, the works) and sending them straight to the bad guys.Honestly, it reminds me of a pentest we did where we *almost* missed a similar camouflage trick. Seriously creepy! So, heads up: Double-check your dependencies, run those scans, review your cloud configurations, and above all, be suspicious! And hey, just a friendly reminder: automated scans are no substitute for a manual pentest!Have you run into anything similar? What tools are you using to beef up your security? Let's chat about it!<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentest</a> <a href="https://infosec.exchange/tags/python" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#python</a> <a href="https://infosec.exchange/tags/pypi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pypi</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>

CorelightAs organizations move to multi-cloud environments, securing network traffic becomes increasingly complex. Corelight’s Open NDR offers the deep visibility needed to spot threats across both cloud-native and on-prem traffic. The real challenge isn’t just detecting threats, but understanding them in context.In the cloud, visibility is critical for staying ahead of attackers, ensuring compliance, and maintaining a proactive security posture.🔗 Learn how Open NDR empowers security teams to protect cloud environments with our free guide: <a href="https://go.corelight.com/a-cloud-architects-guide-to-network-security?utm_source=msdtn&utm_medium=organic-social&utm_campaign=ebook&utm_adgroup=architect-guide&utm_content=SSI" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://go.corelight.com/a-cloud-architects-guide-to-network-security?utm_source=msdtn&utm_medium=organic-social&utm_campaign=ebook&utm_adgroup=architect-guide&utm_content=SSI</a><a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://infosec.exchange/tags/NDR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NDR</a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetworkSecurity</a> <a href="https://infosec.exchange/tags/NetworkVisibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetworkVisibility</a>

Kyler MiddletonAWS Anti-Patterns: A Security Superpower?I had the pleasure of contributing to the Cloud Security Newsletter with an interview exploring why AWS anti-patterns around Network Firewall - yes, the things we’re told not to do, and how they might actually be the key to strengthening your cloud security posture. 🚀Curious how? Check it out here:Link to the newsletter: <a href="https://www.cloudsecuritynewsletter.com/p/why-aws-anti-patterns-might-be-your-next-cloud-security-superpower" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.cloudsecuritynewsletter.com/p/why-aws-anti-patterns-might-be-your-next-cloud-security-superpower</a> <a href="https://infosec.exchange/tags/AWS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AWS</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/LetsDoDevOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LetsDoDevOps</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨SpiderFoot is an open-source OSINT tool to automate data collection about targets. It supports over 200 modules, integrating DNS, IP, email, and infrastructure analysis. Perfect for security audits or threat intel workflows. <a href="https://infosec.exchange/tags/OSINT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OSINT</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/smicallef/spiderfoot" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/smicallef/spiderfoot</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Sqlmap is an open-source tool for automating SQL injection detection and exploitation. It supports multiple databases like MySQL, PostgreSQL, Oracle, and more. Widely used for penetration testing, it includes features like database dumping, password cracking, and file system access. Remember: powerful tools require responsible use. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PenTesting</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/sqlmapproject/sqlmap</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

G :donor: :Tick:I’m delighted to have attended the Offensive Entra ID And Hybrid AD Security workshop by Dirk-jan Mollema of Outsider Security at <a href="https://infosec.exchange/tags/Insomnihack2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Insomnihack2025</a> sponsored by Orange Cyberdefense! It was a truly insightful and engaging workshop where I learned (in some cases relearned) how <a href="https://infosec.exchange/tags/MicrosoftEntra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MicrosoftEntra</a> *REALLY* works under the covers and how you can abuse the authentication flows (and therefore how you can better defend your Entra tenant and the services that it underpins)!I would thoroughly recommend anyone working in Cloud Security who works with Azure/M365 (and therefore Entra) from a security perspective goes on this workshop when it is next run publicly or indeed engage with Outsider Security to run it internally for you. <a href="https://infosec.exchange/tags/INS2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#INS2025</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/ThinkLikeAnAttacker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ThinkLikeAnAttacker</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Nuclei is a tool for automating vulnerability scanning using customizable YAML-based templates. Its strength lies in speed and flexibility, making it ideal for penetration testers and security researchers. Think of it as crafting your own scanner that adapts to your needs. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/VulnerabilityTesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VulnerabilityTesting</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/projectdiscovery/nuclei" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/projectdiscovery/nuclei</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

0x40kSeriously, backups... still such a headache, right? 🤯 Just stumbled across some stats that suggest a ton of companies are WAY overconfident about their recovery readiness. Seriously, WTF?!Yeah, the cloud's great and all, but let's be real – if you don't have a Plan B (and C, D...), you're toast. Sorry, not sorry, for being blunt. 🙈As a pentester, I see this all the time: Backups are there, sure, BUT... they've never actually been tested. Or they're secured with super old, outdated credentials. Hello, ransomware! 👹Here's my two cents: Backups HAVE to be an integral part of your security strategy, not just some afterthought. We're talking regular testing, preferably automated. And those cloud backups? You've gotta double-check those access permissions! Shadow IT is a HUGE risk! ⚠️What do you guys think? Are backups just a pain in the butt compliance thing, or are they more like a vital insurance policy? 🤔<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/backup" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#backup</a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentest</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ransomware</a>

0x40kAlright folks, gotta share something kinda alarming I just read: SSRF attacks are seriously picking up steam! 🤯 For those who don't know, SSRF (Server Side Request Forgery) is nasty business. Basically, attackers can trick your server into making requests *for* them. Think internal network snooping, stealing cloud credentials... you know the drill.And get this – it's hitting tons of systems at once (DotNetNuke, Zimbra, VMware, GitLab, Ivanti, you name it!). It almost feels like a coordinated attack, doesn't it?It's especially dicey in the cloud because SSRF can be used to access internal metadata APIs. Yikes!I'm telling you, I once did a pentest where we almost completely missed an SSRF vulnerability being used to compromise internal AWS resources. It was a super close call! 😅So, here's what you should do, pronto:* **Patch like your life depends on it!** (Seriously, this isn't optional) * **Restrict outgoing connections** (Least Privilege is your best friend here!) * **Monitor those outgoing requests** (Gotta catch any suspicious behavior) * **Network segmentation** (This can seriously limit the damage)AI can be helpful for spotting anomalies, but remember: AI is NOT a pentest! Automated scans are nice, but they're no replacement for actual human expertise.Are you seeing more SSRF attacks lately? What tools are you using to detect them? Let me know in the comments.<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/ssrf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssrf</a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentest</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Mimikatz is a well-known open-source tool for extracting credentials from Windows systems. It can retrieve plaintext passwords, hash credentials, and even Kerberos tickets from memory. Used by both researchers and attackers, it highlights the importance of secure credential management in Active Directory environments. <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/WindowsSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WindowsSecurity</a>🔗 Project link on <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> 👉 <a href="https://github.com/gentilkiwi/mimikatz" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/gentilkiwi/mimikatz</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

Merill Fernando :verified: :donor:🎙️ BIG NEWS: I'm launching Entra.Chat - the podcast identity pros have been waiting for!After years in the identity trenches, I've seen a lot - the midnight calls, the authentication puzzles, and those "how is this even possible?" moments.That's why I created EntraChat - to share the REAL stories behind Microsoft Entra deployments that you won't find in documentation.My first episode drops TODAY with identity wizard Ben Wolfe, who reveals how his team migrated 700 apps and 30,000 users from Okta to Microsoft Entra in just 90 days (while implementing Windows Hello for Business simultaneously!)I've already recorded amazing conversations with identity leaders who've solved problems you're probably facing right now. Their candid insights and battle-tested solutions might just save your next deployment!Upcoming episodes include conversations with ❤️ Kuba Gretzky - Creator of EvilGinx ❤️ Martin Sandren - Product leader at Ikea ❤️ Dhanyah Krishnamoorthy - Product Manager, Microsoft Entra for Connect Sync and Cloud Sync ❤️ Samantha 🦚 Kloos-Kilkens - ❤️ Nathan McNulty - Fountain of knowledge on all things Microsoft SecurityWho's ready to level up their identity knowledge?Drop a 💙 if you're as excited about this as I am!Subscribe with your favourite podcast player: 🎧 Apple Podcast - <a href="https://podcasts.apple.com/us/podcast/entra-chat/id1801200012" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://podcasts.apple.com/us/podcast/entra-chat/id1801200012</a>🎧 Spotify - <a href="https://open.spotify.com/show/2lJSWBTmMWWn4f9u75JvHY" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://open.spotify.com/show/2lJSWBTmMWWn4f9u75JvHY</a>📺 YouTube - <a href="https://www.youtube.com/@merillx/podcasts" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.youtube.com/@merillx/podcasts</a>🎧 Pocketcast - <a href="https://pca.st/10oii6uv" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://pca.st/10oii6uv</a>🎧 Overcast - <a href="https://overcast.fm/itunes1801200012" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://overcast.fm/itunes1801200012</a>🎧 Other podcast apps (rss) - <a href="https://api.substack.com/feed/podcast/1804560/private/17af4edf-5946-4494-a05a-ac8693ba426d.rss" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://api.substack.com/feed/podcast/1804560/private/17af4edf-5946-4494-a05a-ac8693ba426d.rss</a>Episode 1: <a href="https://entra.news/p/from-okta-to-entra-migrating-700" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://entra.news/p/from-okta-to-entra-migrating-700</a><a href="https://infosec.exchange/tags/MicrosoftEntra" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MicrosoftEntra</a> <a href="https://infosec.exchange/tags/IdentityManagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#IdentityManagement</a> <a href="https://infosec.exchange/tags/TechPodcast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechPodcast</a> <a href="https://infosec.exchange/tags/AzureAD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AzureAD</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudSecurity</a>

Lenin alevski 🕵️💻New Open-Source Tool Spotlight 🚨🚨🚨Bettercap is a powerful, modular tool for network attacks and monitoring. It supports ARP spoofing, DNS spoofing, packet sniffing, and more. Written in Go, it's flexible and efficient for intercepting and manipulating network traffic on various protocols. <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/networking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#networking</a>🔗 Project link on <a href="https://infosec.exchange/tags/github" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#github</a> 👉 <a href="https://github.com/bettercap/bettercap" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://github.com/bettercap/bettercap</a><a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Infosec</a> <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Software" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Software</a> <a href="https://infosec.exchange/tags/Technology" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Technology</a> <a href="https://infosec.exchange/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CTF</a> <a href="https://infosec.exchange/tags/Cybersecuritycareer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecuritycareer</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/redteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#redteam</a> <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#blueteam</a> <a href="https://infosec.exchange/tags/purpleteam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#purpleteam</a> <a href="https://infosec.exchange/tags/tips" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tips</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#opensource</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>— ✨ 🔐 P.S. Found this helpful? Tap Follow for more cybersecurity tips and insights! I share weekly content for professionals and people who want to get into cyber. Happy hacking 💻🏴‍☠️

The DefendOps DiariesGoogle's Enhanced Vulnerability Reward Program: A 2024 Milestone<a href="https://thedefendopsdiaries.com/googles-enhanced-vulnerability-reward-program-a-2024-milestone/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thedefendopsdiaries.com/googles-enhanced-vulnerability-reward-program-a-2024-milestone/</a><a href="https://infosec.exchange/tags/googlevrp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#googlevrp</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bugbounty</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a> <a href="https://infosec.exchange/tags/infosectrends" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosectrends</a>

The DefendOps DiariesGoogle’s Bug Bounty Program: A Deep Dive into 2024's Transformative Payouts<a href="https://thedefendopsdiaries.com/googles-bug-bounty-program-a-deep-dive-into-2024s-transformative-payouts/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thedefendopsdiaries.com/googles-bug-bounty-program-a-deep-dive-into-2024s-transformative-payouts/</a><a href="https://infosec.exchange/tags/googlebugbounty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#googlebugbounty</a> <a href="https://infosec.exchange/tags/cybersecurity2024" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity2024</a> <a href="https://infosec.exchange/tags/vulnerabilityrewards" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#vulnerabilityrewards</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>

Jay Thoden van Velzen ☁️🛡️:lolsob:with everybody freaking out about TrumpMusk and what that means for our digital sovereignty, here's a little "don't panic, please"Europe is not as much of a powerless victim in this as it may seem<a href="https://infosec.press/jaythvv/19" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://infosec.press/jaythvv/19</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/digitalsovereignty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#digitalsovereignty</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a> <a href="https://infosec.exchange/tags/sovereigncloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sovereigncloud</a>

paulThe Netskope <a href="https://infosec.exchange/tags/Threat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Threat</a> Labs Report <a href="https://infosec.exchange/tags/Financial" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Financial</a> Services 2025 is out!⛈️ 4.7 out of 1000 users click on <a href="https://infosec.exchange/tags/phishing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#phishing</a> links monthly ⛈️ 40% of phishing targets <a href="https://infosec.exchange/tags/cloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloud</a> applications ⛈️ 20% of <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> downloads come from <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GitHub</a> ⛈️ 95% of organizations use <a href="https://infosec.exchange/tags/genAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#genAI</a>, with an average of 10 applications<a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a> <a href="https://www.netskope.com/resources/threat-labs-reports/threat-labs-report-financial-services-2025" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.netskope.com/resources/threat-labs-reports/threat-labs-report-financial-services-2025</a>

0x40kJust stumbled across a stat that blew my mind: apparently, 80% of all cyberattacks happen because someone got their hands on stolen login credentials. Crazy, right? It's like identity is the new battleground out there! And honestly, a lot of companies just don't have a handle on it. I'm seeing fragmented IT setups and permissions all over the place, and that's where the real issues begin.So, what's the answer? Centralizing your identity management, that's what! This will give you a clearer view, let you respond to attacks faster, and automate security measures. Now, Cloud Security? It's way more than just a buzzword. I see it time and time again in my pentests, how easily attackers waltz into systems through unprotected identities. I had a customer recently tell me, "Oh, the cloud's secure, right?" Wrong!Seriously, go and check your IAM permissions in AWS/Azure! Also, use MFA everywhere you can! And don't forget to train your employees to spot those phishing emails!What experiences have you had with centralized identity management? I'm curious to hear! <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>

0x40kSo, Silk Typhoon (aka Hafnium) is now going after the IT supply chain – surprise, surprise! Guess they weren't just content with Exchange Servers. Stealing API keys, exploiting PAM, and compromising cloud apps... it's practically state-of-the-art cyber espionage, isn't it?This totally reminds me of a pentest where a seemingly harmless vendor access almost caused a complete disaster. Don't underestimate this kind of stuff, seriously!A supply chain attack? It's like your locksmith handing out keys to burglars. Talk about a massive breach of trust!And get this: tons of companies completely neglect their cloud configurations. IAM rights, API keys... you can almost always find something vulnerable.Here's the takeaway: Security's way more than just your own firewall. The whole chain's gotta be secure. Don't forget to patch! And awareness training for employees is an absolute must.What security measures do *you* think are most important? Let's hear your thoughts!<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pentest</a> <a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#supplychain</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/hafnium" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hafnium</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a>

theOmegabitWhy AWS anti-patterns might be your next cloud security super power. <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a><a href="https://www.linkedin.com/pulse/why-aws-anti-patterns-might-your-next-cloud-security-vbsoe?utm_source=share&utm_medium=member_ios&utm_campaign=share_via" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.linkedin.com/pulse/why-aws-anti-patterns-might-your-next-cloud-security-vbsoe?utm_source=share&utm_medium=member_ios&utm_campaign=share_via</a>

The DefendOps DiariesSilk Typhoon's Strategic Shift: Targeting IT Supply Chains<a href="https://thedefendopsdiaries.com/silk-typhoons-strategic-shift-targeting-it-supply-chains" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://thedefendopsdiaries.com/silk-typhoons-strategic-shift-targeting-it-supply-chains</a><a href="https://infosec.exchange/tags/silktyphoon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#silktyphoon</a> <a href="https://infosec.exchange/tags/itsupplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#itsupplychain</a> <a href="https://infosec.exchange/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberespionage</a> <a href="https://infosec.exchange/tags/cloudsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cloudsecurity</a> <a href="https://infosec.exchange/tags/zerodayvulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#zerodayvulnerabilities</a>

Recent searches

Search options

Administered by:

Server stats:

#cloudsecurity