Search - "exploit x"
I've recently read a blog post stating 'Google leaves x Million Android devices vulnerable to a new Exploit'
I don't really sympathize with Google, but it's simply the wrong message... It should be more like FUCK VENDORS, WHO WON'T SUPPLY UPDATES TO DEVICES OLDER THAN 1.5 YEARS
Seriously, it's them who make you stuck on outdated OS versions... Just imagine you could only install Windows Vista on your 2014 Lenovo ThinkPad, because it's considered outdated...
FUCK VENDORS (again, just in case)

The company I work for has a Jenkins server (for people that don't know Jenkins, it's an automated build service that gets the latest git updates, pulls them and then builds, tests and deploys it)
Because it builds the software, people were scared to update it so we were running version 1.x for a long time, even when an exploit was found... Ooh boy did they learn from that...
The Jenkins server had a hidden crypto miner running for about 5 days...
I don't know why we don't have detectors for that stuff... (like CPU load being high for 15 minutes)
I even tried to strengthen our security... You know basic stuff LIKE NOT SAVING PASSWORDS TO A GOOGLE SPREADSHEET! 😠
But they shoved it aside because they didn't have time... I tried multiple times but in the end I just gave up...

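The kind of detector the post above asks for (CPU load high for 15 minutes), sketched as an added example that is not part of the original post or of any tooling it describes. The function name, the 90% threshold, the 2-minute gap tolerance and the sample readings are assumptions; only the 15-minute window comes from the post.

```python
from datetime import datetime, timedelta

def sustained_high_cpu(samples, threshold=90.0,
                       window=timedelta(minutes=15),
                       max_gap=timedelta(minutes=2)):
    """Return (start, end) spans where CPU % stayed >= threshold for >= window.

    samples: iterable of (datetime, cpu_percent). A hole in the data longer
    than max_gap ends the current span, so missing readings are never
    counted as "still high".
    """
    alerts, start, last = [], None, None

    def close():
        # Emit the current span if it lasted long enough, then reset.
        nonlocal start, last
        if start is not None and last - start >= window:
            alerts.append((start, last))
        start = last = None

    for ts, cpu in sorted(samples):
        if cpu < threshold:
            close()
            continue
        if start is not None and ts - last > max_gap:
            close()  # monitoring gap: do not bridge it
        if start is None:
            start = ts
        last = ts
    close()
    return alerts

# Constructed sample data: one reading per minute from a build host.
T0 = datetime(2024, 1, 1, 2, 0)

def constructed_samples():
    minute = lambda m: T0 + timedelta(minutes=m)
    data = [(minute(m), 97.0) for m in range(0, 10)]    # 10-minute build burst
    data += [(minute(m), 5.0) for m in range(10, 20)]   # idle
    data += [(minute(m), 99.0) for m in range(20, 60)]  # sustained load
    # minutes 60-69: no readings at all (monitoring agent gap)
    data += [(minute(m), 99.0) for m in range(70, 80)]  # high again, but short
    return data

if __name__ == "__main__":
    for begin, end in sustained_high_cpu(constructed_samples()):
        print(f"ALERT: CPU >= 90% from {begin} to {end}")
```

On a build server, short bursts at full load are normal, which is why the check is on duration rather than on a single high reading.
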
Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!
System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.
Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunately every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.
Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.
That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.
We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.
Hella excited about this!
If you guys have any suggestions let us know. We are utter noobs when it comes to this.

Got bit by a hacked repo. It was compromised for all of like 30-some seconds. No intrusions, but now I can't set my root password (passwd goes "oh, yeah, we got this" then it does... nothing...) and Weyland/X/Gnome/Cinnamon/KDE/whatever the kids use nowadays are all busted (they all start, but they just hang tty1 and whatever other console invoked it). Tried reinstalling all those kinds of things, didn't help.
fml
