At Pentagrid, we occasionally review our clients' internal processes to identify IT security risks. When we discovered that large sums of money are transferred with just a few clicks and no transaction verification, we helped securing the process. At the same time, we developed a tool to support this improvement. #itsecurity #infosec #iso200222 #pain001 https://www.pentagrid.ch/en/blog/pain001-interfaces-and-payment-of-your-salary/
Pentagrid AG
@pentagrid@infosec.exchange
mastodon
4.6.0-alpha.7+glitch
Pentagrid performs technically solid IT security assessments.
0
Followers
0
Following
Joined November 10, 2022
Location:
Buchs SG, Switzerland
Github:
Codeberg:
Posts
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Nov 21, 2025
1
0
1
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Dec 11, 2024
A story about looking at the effectiveness of web application firewalls and finding bypasses for the filter ruleset. https://www.pentagrid.ch/en/blog/airlock-web-application-firewall-ruleset-testing-and-waf-bypasses/ #WAF #OWASP #coreruleset #ergon #airlock
1
0
4
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Dec 06, 2024
Pentagrid published two #Hackvertor tags for #EAN13 (also Swiss AHV numbers) and #TOTP for #2FA. These tags are available via the Hackvertor Tag Store by @garethheyes. Our blog post explains what these tags do and how they can be used. https://www.pentagrid.ch/en/blog/hackervertor-ean13-and-totp-tags-for-web-application-penetration-testing-with-burp/ #pentest #OWASP
1
1
3
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Oct 02, 2024
Pentagrid is looking for an IT security analyst (d/f/m) in Buchs SG, Switzerland. https://www.pentagrid.ch/en/pages/career/ #FediHire #infosec
0
0
4
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Jun 17, 2024
Today, our certificate transparency monitoring popped up with an InvalidSignature exception, because we didn't add the recent Let's Encrypt intermediate CAs as monitoring trust anchors. We updated the documentation accordingly, but it is good to see it working. If you want to monitor your certificates, you may run your own instance. https://github.com/pentagridsec/check-transparency-logs
3
0
3
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Jun 10, 2024
If you want to protect your IT #infrastructure against #MITM attacks where an attacker bypasses domain verification to obtain valid certificates, you may want to use #CAA and #accountURI binding, which is easy to set up. https://www.pentagrid.ch/en/blog/domain-verification-bypass-prevention-caa-accounturi/ #hardening
0
0
4
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Jun 05, 2024
Our colleague Michael will be speaking about #Unify #OpenScape and #OpenStage #VoIP phones at the #Area41 security conference in Zurich on June 6. If you use these VoIP systems, we recommend coming to the talk.
2
0
2
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Jun 05, 2024
It happened again. We accidentally broke another #hotel check-in #terminal. This time Mr O'Yolo triggered a problem, crashed the #Ariane Allegro Scenario Player and escaped the #kiosk mode, which enabled access to the Windows Desktop: https://www.pentagrid.ch/en/blog/ariane-allegro-hotel-check-in-terminal-kios-escape/ #itsecurity #infosec
0
0
2
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Apr 02, 2024
This is not a late April Fool's joke: After #37C3, we accidentally dumped the keypad codes of almost half of an IBIS hotel's rooms by entering some dashes into a check-in terminal: https://www.pentagrid.ch/en/blog/ibis-hotel-check-in-terminal-keypad-code-leakage/ #itsecurity #infosec #ibis #accor #terminal #hotel
182
7
144
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Mar 12, 2024
#SQLinjection in login dialog of web-based #YABOOK harbour administration allows authentication bypass
https://www.pentagrid.ch/en/blog/sql-injection-in-port-administration-software-yabook/
#pentest #sailing #hafenverwaltung #imonaboat
https://www.pentagrid.ch/en/blog/sql-injection-in-port-administration-software-yabook/
#pentest #sailing #hafenverwaltung #imonaboat
1
0
3
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Jan 08, 2024
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices: https://www.pentagrid.ch/en/blog/multiple-vulnerabilties-in-lantronix-eds-md-iot-gateway/ #itsecurity #infosec #pentesting #lantronix #iot #medical
3
0
5
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Dec 11, 2023
Multiple vulnerabilities affecting #Atos #Unify IP Devices - the vendor published OBSO-2312-01: https://networks.unify.com/security/advisories/OBSO-2312-01.pdf
0
0
1
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Dec 08, 2023
RCE and LPE in a wide range of Mitel Unify #OpenStage and #OpenScape VoIP phones with default config: https://www.pentagrid.ch/en/blog/rce-and-local-root-in-openstage-and-openscape-phones/ #itsecurity #infosec #pentesting #voip #unify
3
0
7
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Nov 14, 2023
Summer is clearly over and silly season, too. We saw neither alligators in the swimming lake nor lions in town, but a a snake curling through the infrastructure. It was a #python. A few email-related Python libraries do not check server certificates. It is nothing new, but still a bit surprising in 2023 and not everyone got the memo.
https://www.pentagrid.ch/en/blog/python-mail-libraries-certificate-verification/
#itsecurity #infosec #pentesting #python #email #bugbounty
https://www.pentagrid.ch/en/blog/python-mail-libraries-certificate-verification/
#itsecurity #infosec #pentesting #python #email #bugbounty
3
0
2
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Oct 17, 2023
The #Liferay Portal software < 7.4.3.88 respectively < 7.4.3.92 is affected by persistent cross-site-scripting vulnerabilities. https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/ #itsecurity #infosec #pentesting
0
0
4
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Oct 03, 2023
Wir haben ein Werkzeug in Python geschrieben, dass Dateiarchive wie zip, tar und cpio generiert welche Path Traversal Angriffe beinhalten: https://www.pentagrid.ch/de/blog/archive-pwn-tool-release/ #itsicherheit #informationssicherheit #pentesting
1
0
2
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Oct 03, 2023
We wrote a tool in Python to create file archives such as zip, tar and cpio that include path traversal attacks: https://www.pentagrid.ch/en/blog/archive-pwn-tool-release/ #itsecurity #infosec #pentesting
1
0
3
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
Pentagrid AG
@pentagrid@infosec.exchange
Pentagrid performs technically solid IT security assessments.
infosec.exchange
@pentagrid@infosec.exchange
·
Sep 19, 2023
We analysed the security of a #WindRiver #VxWorks (the operating system running also on NASA's Curiosity mars rover) embedded device and found a critical vulnerability in the #tarExtract function: https://www.pentagrid.ch/en/blog/wind-river-vxworks-tarextract-directory-traversal-vulnerability/ #itsecurity #infosec #pentesting #cisa #vxworks
5
0
7