Securitum
@securitum.bsky.social
The most competitive pentest company in Central Europe.

Let us hack you before the criminals do.

Contact us at securitum@securitum.com
🚨#WebSecurity risk: Attackers can exploit the X-Forwarded-Host header to poison web caches, blocking legitimate users with cached error responses

🔎Learn how this subtle #DoS attack works and how to defend your apps in our latest pentest case study

🔗 below!
#CyberSecurity
March 31, 2025 at 9:05 AM
🚨SPI Sniffing Attack: Our researcher extracted BitLocker/Clevis encryption keys by intercepting TPM traffic.

⚔️Logic analyzer & signal analysis tools enabled unauthorized access.

🔎Critical security insight!

🔗 below! ⬇️⬇️⬇️

#PenetrationTesting #CyberSecurity
March 18, 2025 at 12:39 PM
🚨 Pentest alert!

🔎Our researcher found repositories linked to former staff can expose sensitive data including encryption keys. #datasecurity

⚔️Attackers can recover "deleted" files through repo analysis. #infosec

🛡️Learn protection steps #securityawareness

🔗 below!
March 13, 2025 at 3:03 PM
🚨Our pentester discovered a macOS app vulnerability allowing unlimited activations with a single license key

No complex hacking — just basic request manipulation exploiting a business logic weakness

Critical for software vendors!

www.securitum.com/breaking_lic...

#CyberSecurity #PenTest
March 7, 2025 at 3:54 PM
🚨🚨 SECURITY ALERT! 🚨🚨

Our AD audit exposed critical flaws.

Domain Users with RDP access, unconstrained delegation & DCSync privileges could lead to complete domain takeover.

Don't be the next breach headline!

Fixes: www.securitum.com/possible_mis...

#Pentesting #CyberSecurity #CyberSec
March 3, 2025 at 3:23 PM
🚨 Pen Test Report Alert: Audit Log Spoofing 🚨

🔎 Key Takeaways:

✅ Audit logs generate critical reports
✅ Malicious users can inject false entries due to poor input filtering
✅ This can cause serious misreporting

🔗 www.securitum.com/public-repor...

#CyberSecurity #PenTest #Infosec 🚀
February 28, 2025 at 1:28 PM
🔍 External network scanning: your cyber lifesaver! 🛡️

🚨 Spot vulnerabilities before hackers
🖥️ Find exposed services & rogue assets
📊 Ensure security compliance

🗓️ Scan monthly (critical), quarterly (broader)

⚠️ Scanning + action = true security! 💪

www.securitum.com/periodic_ext...

#CyberSecurity
February 27, 2025 at 12:13 PM
🚨 How Secure Are Your App Secrets? 🚨

Hardcoded creds, exposed API keys, leaked tokens—common mistakes leading to compromises.

Mateusz Lewczak shares:

⚠️ Risks, 🔍 hidden dangers, ✅ best practices for secret management

📖 Full article in the comments!

#CyberSecurity #Pentesting #AppSec #InfoSec
February 24, 2025 at 2:06 PM
🔍 Security shortcuts = threats

Adam Borczyk recently found a risk in a company’s IAM setup:

🚨 A C-level exec was excluded from MFA.

What seemed like a "temporary" fix led to logins from multiple locations, including China.

🔗 www.securitum.com/from_tempora...

#CyberSecurity #Pentesting #Infosec
February 21, 2025 at 10:12 AM
🔍🔍 How Easy Is It to Manipulate Someone Over the Phone?

A Real Social Engineering Case Study.

Explore insights from Jacek Siwek's article on vishing, its psychology, and how to protect against it.

👉 Link in the comments!

#cybersecurity #pentest #cybersec #infosec #security #phishing #vishing
February 19, 2025 at 3:15 PM