Le Pouls Du Monde

0x40kWhoa, looks like BlackLock got hacked. Seriously, it just hammers home how vital good security practices are – even if you're on the *other* side of the fence! Major OPSEC blunder right there, wouldn't you say? 😉And hey, this really drives home another point: relying *only* on automated scans? That's just not cutting it for real-deal pentesting, people. You absolutely have to get hands-on and dig in manually. There's no substitute for it.Honestly, that’s the kind of thorough work our clients appreciate – when we actually probe deeper than just the surface findings. It makes a difference.So, what’s your take? Seems like OPSEC gets overlooked way too often, doesn't it? Curious to hear your thoughts!<a href="https://infosec.exchange/tags/Ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ransomware</a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/OPSEC" class="mention hashtag" rel="nofollow noopener" target="_blank">#OPSEC</a>

0x40kMan, npm and supply chain security... seriously a never-ending story. 🙄 Just caught an article about "ethers-provider2" and "ethers-providerz". Get this: these things are actually infecting packages you *already* have installed! 🤯Speaking as a pentester, let me tell ya: you absolutely *have* to run regular checks. Your `package-lock.json`, `yarn.lock`... check 'em all! Trust me, SCA tools are worth their weight in gold in these situations. And listen up, people, MFA for your npm account? That's not some optional extra, it's a straight-up *MUST*!I literally just had a client who thought, "Ah, npm's pretty safe, right?". Yeah, famous last words! 🤦‍♂️So, what're your most insane supply chain attack stories? Lay 'em on me!<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener" target="_blank">#supplychain</a> <a href="https://infosec.exchange/tags/npmsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#npmsecurity</a>

Roy 😷Kitty and myself will be presenting “two workshops (<a href="https://infosec.exchange/tags/resumereviews" class="mention hashtag" rel="nofollow noopener" target="_blank">#resumereviews</a> & <a href="https://infosec.exchange/tags/mockinterviews" class="mention hashtag" rel="nofollow noopener" target="_blank">#mockinterviews</a> ) at <a href="https://infosec.exchange/@owaspboston" class="u-url mention" rel="nofollow noopener" target="_blank">@owaspboston</a> ‘s annual Boston Application Security Conference (BASC) on Saturday (04/05) <a href="https://infosec.exchange/tags/resume" class="mention hashtag" rel="nofollow noopener" target="_blank">#resume</a> <a href="https://infosec.exchange/tags/interviews" class="mention hashtag" rel="nofollow noopener" target="_blank">#interviews</a> <a href="https://infosec.exchange/tags/basc" class="mention hashtag" rel="nofollow noopener" target="_blank">#basc</a> <a href="https://infosec.exchange/tags/basconf" class="mention hashtag" rel="nofollow noopener" target="_blank">#basconf</a> Sign-ups for all workshops will be available the day of the conference. More information at: <a href="https://basconf.org" rel="nofollow noopener" translate="no" target="_blank">https://basconf.org</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/students" class="mention hashtag" rel="nofollow noopener" target="_blank">#students</a> <a href="https://infosec.exchange/tags/professionals" class="mention hashtag" rel="nofollow noopener" target="_blank">#professionals</a> <a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/career" class="mention hashtag" rel="nofollow noopener" target="_blank">#career</a> <a href="https://infosec.exchange/tags/careertransition" class="mention hashtag" rel="nofollow noopener" target="_blank">#careertransition</a> CC <a href="https://infosec.exchange/@owasp" class="u-url mention" rel="nofollow noopener" target="_blank">@owasp</a> -> Limited tickets available, be fast - they will sell out at: <a href="https://www.eventbrite.com/e/owasp-basc-2025-tickets-1277927157529" rel="nofollow noopener" translate="no" target="_blank">https://www.eventbrite.com/e/owasp-basc-2025-tickets-1277927157529</a>BASC 2025 Schedule - <a href="https://basconf.org/schedule/" rel="nofollow noopener" translate="no" target="_blank">https://basconf.org/schedule/</a>Note: 🚨This yearly conference is always “free” for all <a href="https://infosec.exchange/tags/students" class="mention hashtag" rel="nofollow noopener" target="_blank">#students</a> with valid ID in which the fees get refunded back! <a href="https://infosec.exchange/tags/freeforstudents" class="mention hashtag" rel="nofollow noopener" target="_blank">#freeforstudents</a> so please make them aware! All $ goes back to conference and upcoming <a href="https://infosec.exchange/@owaspboston" class="u-url mention" rel="nofollow noopener" target="_blank">@owaspboston</a> meetings. ‼️<a href="https://infosec.exchange/tags/edu" class="mention hashtag" rel="nofollow noopener" target="_blank">#edu</a> <a href="https://infosec.exchange/tags/colleges" class="mention hashtag" rel="nofollow noopener" target="_blank">#colleges</a> <a href="https://infosec.exchange/tags/universities" class="mention hashtag" rel="nofollow noopener" target="_blank">#universities</a> <a href="https://infosec.exchange/tags/massachusetts" class="mention hashtag" rel="nofollow noopener" target="_blank">#massachusetts</a> <a href="https://infosec.exchange/tags/burlington" class="mention hashtag" rel="nofollow noopener" target="_blank">#burlington</a> <a href="https://infosec.exchange/tags/education" class="mention hashtag" rel="nofollow noopener" target="_blank">#education</a>This annual conference includes breakfast, lunch, happy hour, <a href="https://infosec.exchange/tags/CTF" class="mention hashtag" rel="nofollow noopener" target="_blank">#CTF</a> , prizes, training, <a href="https://infosec.exchange/tags/presentations" class="mention hashtag" rel="nofollow noopener" target="_blank">#presentations</a> <a href="https://infosec.exchange/tags/freeparking" class="mention hashtag" rel="nofollow noopener" target="_blank">#freeparking</a> , <a href="https://infosec.exchange/tags/workshops" class="mention hashtag" rel="nofollow noopener" target="_blank">#workshops</a>, <a href="https://infosec.exchange/tags/vendors" class="mention hashtag" rel="nofollow noopener" target="_blank">#vendors</a> , <a href="https://infosec.exchange/tags/networking" class="mention hashtag" rel="nofollow noopener" target="_blank">#networking</a> <a href="https://infosec.exchange/tags/network" class="mention hashtag" rel="nofollow noopener" target="_blank">#network</a> and ample time to <a href="https://infosec.exchange/tags/meet" class="mention hashtag" rel="nofollow noopener" target="_blank">#meet</a> old and new people and <a href="https://infosec.exchange/tags/learn" class="mention hashtag" rel="nofollow noopener" target="_blank">#learn</a> new things 🙏👍 <a href="https://infosec.exchange/tags/attendees" class="mention hashtag" rel="nofollow noopener" target="_blank">#attendees</a> <a href="https://infosec.exchange/tags/volunteers" class="mention hashtag" rel="nofollow noopener" target="_blank">#volunteers</a> <a href="https://infosec.exchange/tags/sponsors" class="mention hashtag" rel="nofollow noopener" target="_blank">#sponsors</a> <a href="https://infosec.exchange/tags/relationships" class="mention hashtag" rel="nofollow noopener" target="_blank">#relationships</a> <a href="https://infosec.exchange/tags/bsides" class="mention hashtag" rel="nofollow noopener" target="_blank">#bsides</a> <a href="https://infosec.exchange/tags/defcongroups" class="mention hashtag" rel="nofollow noopener" target="_blank">#defcongroups</a> <a href="https://infosec.exchange/tags/isaca" class="mention hashtag" rel="nofollow noopener" target="_blank">#isaca</a> <a href="https://infosec.exchange/tags/issa" class="mention hashtag" rel="nofollow noopener" target="_blank">#issa</a> <a href="https://infosec.exchange/tags/iapp" class="mention hashtag" rel="nofollow noopener" target="_blank">#iapp</a> We look forward to presenting, connecting with people and meeting you 👍 & thank you for spreading this information to your <a href="https://infosec.exchange/tags/networks" class="mention hashtag" rel="nofollow noopener" target="_blank">#networks</a> network!

0x40kWhoa, 112 SaaS apps per company? Seriously?! 🤯 Most folks don't even realize what's going on...SaaS security is a *huge* deal. I mean, who's actually patching Office 365 correctly? And are you really keeping an eye on permissions? Probably not.We've got Shadow IT, misconfigurations, and third-party risks – the whole shebang! Every app's different. One wrong setting? It is Jackpot time for attackers!As a pentester, I often see how much SaaS is underestimated. I had a client once tell me, "We've got a firewall!" Yeah, but that doesn't cover, well, *everything*.Your SaaS security needs a holistic approach. AI can help, sure, but it's not a magic bullet. Data is crucial for AI, as we know! And AI likes to, shall we say, make stuff up sometimes!So, go check your SaaS configs! Keep an eye out for Shadow IT and third-party vendors. AI tools are cool for monitoring. But, you know, keep it real! Don't forget about those penetration tests!How are *you* securing your SaaS environment? What red flags have you spotted? Let's hear it!<a href="https://infosec.exchange/tags/SaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#SaaS</a> <a href="https://infosec.exchange/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#Security</a> <a href="https://infosec.exchange/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a> <a href="https://infosec.exchange/tags/Pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Pentesting</a> <a href="https://infosec.exchange/tags/CloudSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudSecurity</a>

Recent searches

Search options

Administered by:

Server stats:

#pentesting