Pentagrid AG
@pentagrid.bsky.social
Pentagrid performs technically solid IT security assessments.
Website: https://www.pentagrid.ch/
Mastodon: https://infosec.exchange/@pentagrid
Imprint: https://www.pentagrid.ch/en/pages/imprint-and-contact/
A story about looking at the effectiveness of web application firewalls and finding bypasses for the filter ruleset. www.pentagrid.ch/en/blog/airl... #WAF #OWASP #coreruleset #ergon #airlock
An excursion into Airlock WAF ruleset testing
A story about looking at the effectiveness of web application firewalls (WAFs) and finding bypasses for the filter ruleset.
www.pentagrid.ch
December 11, 2024 at 12:44 PM
Pentagrid published two #Hackvertor tags for #EAN13 (also Swiss AHV numbers) and #TOTP for #2FA. These tags are available via the Hackvertor Tag Store by @garethheyes.co.uk. Our blog post explains what these tags do and how they can be used. www.pentagrid.ch/en/blog/hack... #pentest #OWASP #Burp
Hackvertor EAN-13 and TOTP tags for web-application penetration testin
Using Hackvertor tags for Swiss social security number and EAN-13 generation and for second factor authentication with TOTP in web pentests.
www.pentagrid.ch
December 6, 2024 at 8:59 AM
Pentagrid is looking for an IT security analyst (d/f/m) in Buchs SG, Switzerland. www.pentagrid.ch/en/pages/car... #hiring #infosec #pentesting #infosecjob
Career
Open job postings for IT Security Analysts, Penetration Testers and Red Teamers
www.pentagrid.ch
October 2, 2024 at 12:31 PM
If you want to protect your IT #infrastructure against #MITM attacks where an attacker bypasses domain verification to obtain valid certificates, you may want to use #CAA and #accountURI binding, which is easy to set up. www.pentagrid.ch/en/blog/doma... #hardening
How to prevent domain verification bypasses of your server certificate
Description of the CAA accounturi binding to mitigate or prevent domain verification bypasses and monitoring approaches like certificate transparency log analysis.
www.pentagrid.ch
June 10, 2024 at 10:15 AM
It happened again. We accidentally broke another #hotel check-in #terminal. This time Mr O'Yolo triggered a problem, crashed the #Ariane Allegro Scenario Player and escaped the #kiosk mode, which enabled access to the Windows Desktop: www.pentagrid.ch/en/blog/aria... #itsecurity #infosec
Kiosk mode bypass for an Ariane Allegro Scenario Player based hotel ch
A hotel check-in kiosk application crashed when entering a single quote into the guest search, which enabled access to the Windows Desktop. The terminal uses the Ariane Allegro Scenario Player.
www.pentagrid.ch
June 5, 2024 at 7:30 AM
This is not a late April Fool's joke: After #37C3, we accidentally dumped the keypad codes of almost half of an IBIS hotel's rooms by entering some dashes into a check-in terminal: www.pentagrid.ch/en/blog/ibis... #itsecurity #infosec #ibis #accor #terminal #hotel
April 2, 2024 at 7:54 PM
#SQLinjection in login dialog of web-based #YABOOK harbour administration allows authentication bypass
www.pentagrid.ch/en/blog/sql-...
#pentest #sailing #hafenverwaltung #imonaboat
March 12, 2024 at 8:04 PM
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices: www.pentagrid.ch/en/blog/mult... #itsecurity #infosec #pentesting #lantronix #iot #medical
January 8, 2024 at 9:49 AM
A few email-related Python libraries do not check server certificates. It is nothing new, but a bit surprising in 2023, and not everyone got the memo. www.pentagrid.ch/en/blog/pyth... #itsecurity #infosec #pentesting #python #email #bugbounty
November 14, 2023 at 9:40 AM
The #Liferay Portal software < 7.4.3.88 and < 7.4.3.92, respectively, is affected by persistent cross-site scripting vulnerabilities. www.pentagrid.ch/en/blog/stor... #itsecurity #infosec #pentesting
October 17, 2023 at 5:16 AM
Hello World!
October 11, 2023 at 11:58 AM