Joined December 2008
Sven Schlüter retweeted
Our security team at @YSecurity has identified multiple vulnerabilities in TIM BPM Suite/TIM FLOW, allowing authorization bypass, privilege escalation, and SQL/HQL injection. Advisory Mitigation: y-security.de/news-en/tim-bp…
Sven Schlüter retweeted
20 Jan 2025
Our security team at @YSecurity has identified a vulnerability in AXESS Auto Configuration Server (CVE-2024-56316) which allows unauthenticated remote attackers to trigger a permanent DoS. Advisory Mitigation: y-security.de/news-de/axess-… #YSecurity #CVE202456316 #TR069 #ACS
Sven Schlüter retweeted
Between July 2023 and June 2024, Microsoft observed nation-state threat actors conduct operations for financial gain, enlist cybercriminals to collect intelligence, and make use of the same tools and frameworks favored by cybercriminals: msft.it/6018mf9Sm
Sven Schlüter retweeted
19 Aug 2024
The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what you think! phrack.org/issues/71/1.html
Sven Schlüter retweeted
15 Aug 2024
We have publicly released our internal tool StealthGuardian at Black Hat USA 2024. It can be combined with adversary simulation tools to verify the resistance, detection level and behaviour detection of defence mechanisms. y-security.de/news-en/stealt… #bhusa #blackhat #redteam
Based in Germany and looking for a remote role in pentesting and attack simulation? Come join us and let's break things!
17 Jun 2024
Are you taking steps towards a career as an Attack Simulation Specialist? Maybe you already have experience as a Penetration Tester or with platforms like Hack The Box or certifications like OSCP? If so, we would love to talk to you! #job #redteam #pentest #germany
Sven Schlüter retweeted
Our tool StealthGuardian has been accepted for Black Hat ARSENAL USA 2024. The Y-Security team will be in Las Vegas to present on protecting Red Team payloads from Blue Teams. y-security.de/news-en/black-… #BlackHat #BHUSA #RedTeam #VegasBaby
Sven Schlüter retweeted
6 May 2024
New blog: Lateral movement and on-prem NT hash dumping with Microsoft Entra Temporary Access Passes. Some tips and tricks on abusing TAPs for Windows Hello persistence and NT hash recovery over Cloud Kerberos Trust. dirkjanm.io/lateral-movement…
Sven Schlüter retweeted
16 Apr 2024
Our team recently took the challenge of mastering the Red Team Ops I and Red Team Ops II exam offered by @zeropointsecltd . After completion, we received both the Red Team Operator and Red Team Lead certifications. Read our recent post: y-security.de/news-en/red-te… #RedTeam #RTO
Sven Schlüter retweeted
13 Mar 2024
Recently we checked the security of a LoRaWAN implementation. In our latest post we share insights about the security of LoRaWAN, common LoRaWAN attacks and how we built a custom methodology and testing environment. y-security.de/news-en/securi… #pentest #lorawan #ysecurity
Polyglot template injection payloads here are pretty cool.
14 Feb 2024
Template engines are very popular in web applications. A severe threat posing a risk for the application, its data, and its users: Template Injection Vulnerabilities. Detect them – manually and automatically: Blog 🌐 hackmanit.de/en/blog-en/178-… Tool 🛠️ hackmanit.de/en/penetrationt…
Sven Schlüter retweeted
We started to play with censorship circumventions. Of course, we exploit our TLS skills to bypass big firewalls. In our first work, @JonSnowWhite2 shows that TLS record fragmentation is a useful technique to bypass the Great Firewall of China (GFW). upb-syssec.github.io/blog/20…

Sven Schlüter retweeted
Classified documents are being distributed publicly from your servers.
Sven Schlüter retweeted
12 Apr 2023
Have you ever wondered how to start #AWS penetration testing? We have published AWS penetration testing: A step-by-step guide at the @hackthebox_eu website: hackthebox.com/blog/aws-pent… #HTB #BugBounty #Y #Security #Cloud
Sven Schlüter retweeted
28 Mar 2023
How do you like being blind for a whole day despite having an EDR because... the EDR is doing a maintenance? For TA, this is the time to strike Carbon Black Cloud customers I guess 🙃 status.carbonblack.com/incid…

Great experience using and abusing @hackthebox_eu Blizzard Lab. #htb #oldmanyellingatcloud #blizzard #blacksky


16 Mar 2023
Replying to @hackthebox_eu
@hackthebox_eu's BlackSky Cloud Hacking Labs doesn't only include AWS and Azure, but also Google Cloud Platform. Read @secsven's feedback and insights on the Blizzard Lab y-security.de/news-en/hack-t… #HackTheBox #BlackSky #Cloud #GCP #Blizzard #BugBounty #htb #pentest #Y
Sven Schlüter retweeted
28 Feb 2023
We recently collaborated with @hackthebox_eu and took the challenge of reviewing their BlackSky Cloud Hacking Labs. Read about @0xchrisb's feedback and insights into the Hailstorm scenario at y-security.de/news-en/hack-t… #Y #HackTheBox #Cloud #AWS #Hailstorm #BugBounty
Sven Schlüter retweeted
26 Feb 2023
New AMSI lifetime bypass. It works by searching for the first byte of each instruction to prevent updates from affecting it. Check it out. #amsi #redteam #cybersecurity github.com/ZeroMemoryEx/Amsi…