Konstantin :C_H:
@kpwn.infosec.exchange.ap.brid.gy
I'm a hacker and mainly post about web security.

By profession, I am a pentester and team leader @usdAG.

I like to explain and understand things and I am […]

[bridged from https://infosec.exchange/@kpwn on the fediverse by https://fed.brid.gy/ ]
@troed That sounds exhausting… In my 7 years of pentests, I only came across a couple of companies / contacts who were not interested in improving their security.
October 7, 2025 at 6:26 PM
Small scope decisions can hide big risks. How do you convince customers to let you check connected but out-of-scope systems?
October 7, 2025 at 1:03 PM
While that's true, it misses something important: blind attack vectors. Some issues can only be discovered or validated by looking into those otherwise blind spots. For that reason I usually request admin access as a cross-check.
October 7, 2025 at 1:02 PM
The vendor, Scholl Communications AG, responded quickly and fixed the issue within two days. The vulnerability was classified as level 2 in their bug bounty program, awarding us a $250 bounty.

We decided to donate the bounty to @Freiheitsrechte, an organization dedicated to defending […]
Original post on infosec.exchange
infosec.exchange
September 24, 2025 at 1:20 PM
@hrbrmstr Sure thing. Go ahead!
September 8, 2025 at 3:23 PM
Now it's your turn:

👉 Try out the new features and let me know what you think!

🔁 Also, boost the first toot to spread the word!
September 8, 2025 at 1:09 PM
2️⃣ BlueSky Support

Finally, there is a section for Bluesky posts!
Since existing bridges like fed.brid.gy didn't work fine, I built a custom Bluesky crawler.
It's based on CVESky's feed by @hrbrmstr@mastoodon.social ❤️

This should increase the number of posts by a good lot.
If you prefer the […]
September 8, 2025 at 1:03 PM
@jerry Also, the current response time of 1s is not that big of a problem. I had issues with responses that took up to 10 seconds or so. But if you did not change anything, the problem seems to lie somewhere else... :)
September 5, 2025 at 2:56 PM
@jerry No noticeable difference. Thanks for your support!
September 5, 2025 at 2:53 PM
@jerry Nah, pretty much the same. Maybe even a little slower.
September 5, 2025 at 2:36 PM
@jerry It basically comes down to this:

if __name__ == '__main__':
    mastodon_main = Mastodon(api_base_url='https://infosec.exchange', access_token='[access_token]', request_timeout = 10)

    for i in range(20):
        print(f'{i}...')
        t = time.time()
        posts = mastodon_main.timeline(timeline='public' […]
September 5, 2025 at 2:28 PM
@GossiTheDog Well played!
September 5, 2025 at 11:51 AM
@nopatience Naturally! Thanks for your great post 😊
August 4, 2025 at 6:32 PM