Pentagrid AG's Avatar

Pentagrid AG

@pentagrid.bsky.social

Pentagrid performs technically solid IT security assessments. Website: https://www.pentagrid.ch/ Mastodon: https://infosec.exchange/@pentagrid Imprint: https://www.pentagrid.ch/en/pages/imprint-and-contact/

34 Followers  |  0 Following  |  13 Posts  |  Joined: 11.10.2023  |  1.1609

Latest posts by pentagrid.bsky.social on Bluesky

Preview
An excursion into Airlock WAF ruleset testing A story about looking at the effectiveness of web application firewalls (WAFs) and finding bypasses for the filter ruleset.

A story about looking at the effectiveness of web application firewalls and finding bypasses for the filter ruleset. www.pentagrid.ch/en/blog/airl... #WAF #OWASP #coreruleset #ergon #airlock

11.12.2024 12:44 — 👍 3    🔁 2    💬 0    📌 1
Preview
Hackvertor EAN-13 and TOTP tags for web-application penetration testin Using Hackvertor tags for Swiss social security number and EAN-13 generation and for second factor authentication with TOTP in web pentests.

Pentagrid published two #Hackvertor tags for #EAN13 (also Swiss AHV numbers) and #TOTP for #2FA. These tags are available via the Hackvertor Tag Store by @garethheyes.co.uk. Our blog post explains what these tags do and how they can be used. www.pentagrid.ch/en/blog/hack... #pentest #OWASP #Burp

06.12.2024 08:59 — 👍 7    🔁 4    💬 0    📌 0
Preview
Career Open job postings for IT-Security Analysts, Penetration testers and Red Teamer

Pentagrid is looking for an IT security analyst (d/f/m) in Buchs SG, Switzerland. www.pentagrid.ch/en/pages/car... #hiring #infosec #pentesting #infosecjob

02.10.2024 12:31 — 👍 0    🔁 1    💬 0    📌 0
Preview
How to prevent domain verification bypasses of your server certificate Description of the CAA accounturi binding to mitigate or prevent domain verification bypasses and monitoring approaches like certificate transparency log analysis.

If you want to protect your IT #infrastructure against #MITM attacks where an attacker bypasses domain verification to obtain valid certificates, you may want to use #CAA and #accountURI binding, which is easy to set up. www.pentagrid.ch/en/blog/doma... #hardening

10.06.2024 10:15 — 👍 0    🔁 1    💬 0    📌 0
Preview
Kiosk mode bypass for an Ariane Allegro Scenario Player based hotel ch A hotel check-in kiosk application crashed when entering a single quote into the guest search, which enabled access to the Windows Desktop. The terminal uses the Ariane Allegro Scenario Player.

It happened again. We accidentally broke another #hotel check-in #terminal. This time Mr O'Yolo triggered a problem, crashed the #Ariane Allegro Scenario Player and escaped the #kiosk mode, which enabled access to the Windows Desktop: www.pentagrid.ch/en/blog/aria... #itsecurity #infosec

05.06.2024 07:30 — 👍 1    🔁 1    💬 1    📌 0

This is not a late April Fool's joke: After #37C3, we accidentally dumped the keypad codes of almost half of an IBIS hotel's rooms by entering some dashes into a check-in terminal: www.pentagrid.ch/en/blog/ibis... #itsecurity #infosec #ibis #accor #terminal #hotel

02.04.2024 19:54 — 👍 2    🔁 1    💬 0    📌 0

#SQLinjection in login dialog of web-based #YABOOK harbour administration allows authentication bypass
www.pentagrid.ch/en/blog/sql-...
#pentest #sailing #hafenverwaltung #imonaboat

12.03.2024 20:04 — 👍 0    🔁 1    💬 0    📌 0

Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices: www.pentagrid.ch/en/blog/mult... #itsecurity #infosec #pentesting #lantronix #iot #medical

08.01.2024 09:49 — 👍 0    🔁 1    💬 0    📌 0
Preview
GitHub - pentagridsec/openstage-exploit-chain: Multiple vulnerabilities in Mitel Unify OpenStage and... Multiple vulnerabilities in Mitel Unify OpenStage and OpenScape phones allow a remote compromise in the unhardened default configuration and an elevation of privileges to become the root user. - Gi...

♫ Ground control to Major Tom, take the patch and put secure mode on. ♫ github.com/pentagridsec... #openstage #openscape #unify

08.12.2023 06:00 — 👍 0    🔁 1    💬 0    📌 0
Preview
Remote code execution and elevation of local privileges in Mitel Unify Multiple vulnerabilities in Mitel Unify OpenStage and OpenScape phones allow a remote compromise in the unhardened default configuration and an elevation of privileges to become the root user.

RCE and LPE in a wide range of Mitel Unify #OpenStage and #OpenScape VoIP phones with default config: www.pentagrid.ch/en/blog/rce-... #itsecurity #infosec #pentesting #voip #unify

08.12.2023 06:00 — 👍 0    🔁 1    💬 1    📌 0

A few email-related Python libraries do not check server certificates. It is nothing new, but a bit surprisingly in 2023 and not everyone got the memo. www.pentagrid.ch/en/blog/pyth... #itsecurity #infosec #pentesting #python #email #bugbounty

14.11.2023 09:40 — 👍 1    🔁 1    💬 0    📌 0

The #Liferay Portal software < 7.4.3.88 respectively < 7.4.3.92 is affected by persistent cross-site-scripting vulnerabilities. www.pentagrid.ch/en/blog/stor... #itsecurity #infosec #pentesting

17.10.2023 05:16 — 👍 1    🔁 1    💬 0    📌 0

Hello World!

11.10.2023 11:58 — 👍 3    🔁 0    💬 0    📌 0