Daniel
@macroform_node
InfoSec researcher, SIEM archeologist & malware analyst posting interesting stuff I find unsecured on the wondernet. BTC Tips 3Chpu93g4QRGdt2m7Z75UXDVokEoq6DZeQ
You might like
A #pixsys #embedded development test system in Italy based on the #texasinstruments #cortexA8 processor, running #windowsCE v7, #UnsecuredVNC and linked to a host machine. #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan #ShodanIO @shodanhq
#ElectricalSubstation somewhere in #Luxembourg w/ #UnsecuredVNC access to a control panel. The #wondernet tells me clicking the big green button turns it red. #NotRecommended #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan #ShodanIO @shodanhq
You can't make this stuff up... From the search results on @ShodanHQ just now: "Server Name: just so you know this is literally me" #Furries in #China with #UnsecuredVNC #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan #ShodanIO
Maybe don't leave your @GLCommInc #PacketExpert in place, with #openVNC connectivity and no authentication to secure it. #bushleaguetechthings #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan
Probably some sort of tooling/industrial machine in Russia, open to the internet. But it's #Russia, so who cares? Might focus on exposed Russian stuff for a while, come to think of it. #blyat #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan
Italian winery w/ tanks/pumps/etc controls open to the internet. Big red button for enabling the exchange pumps, unrestricted access to change all the values for pressures, temps, & speed. Not great. #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan
Sometimes I find things that are accessible intentionally and super interesting.. Like this VNC Slot Machine. Check out the GitHub link in the URL in the screenshot for more details. Neat! #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan
Industrial tooling machinery control panel in Italy open to the internet. Why? For the glory of Satan of course! No wait. It's just lack of knowing any better. #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan
Maybe don't leave your @heizung smart home control panel open to the internet? #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan
Hey @wiseteam_ maybe don't have unsecured VNC access to login screens to your #OpenSense platform #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan
Some Baidu device in Shanghai doing god knows what with its admin/config interface open to the world via VNC. How's YOUR perimeter? #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch #Shodan
Insecure VNC sessions and root shells. Don't be this guy. Know your perimeter. #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch
1) Export 172k results from shodan.io/search?query=u… 2) Pipe to curl -sk -H "X-Requested-With: XMLHttpRequest" -X POST 'hxxps://x.x.x.x/userportal/Controller?mode=8700&operation=1&datagrid=179&json={"x":"test"}' | grep -q 'Session Expired' 3) ? 4) Profit! #Sophos #RCE #CVE20221040
shodan.io
Shodan Search
Search query: userportal http.title:'sophos'
Industrial grain drying silo with temperature controls and everything, open to the internet with no credentials necessary to change temps and anything else. #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch
Some #Linux OS on a #TinkerBoard with #VNC forwarded to it with no authentication necessary. #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch
#IRTE #digitalradio link control panel open to the internet.. Interesting that there's a password required for some things, but not firmware updates. #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch
A whole-ass #cyberwar going on out there & #Amazon's STILL letting people spin up #AWS servers with unsecured telnet #rootaccess. Four of 2400 found. I'd say ~40% of those 2400 I found stayed accessible. #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch
Not terrible but definitely not ok.. #SecuredServers with #openVNCaccess to a couple of their #CentOS systems. At least they arn't idling logged in. But one could def. just idle till they see something spicy #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch
98.175.139.217 166.200.161.202 Some #PIPSTechnology #Autoplate license plate recognition and #ViolationEnforcementSystem devices, open to the internet with no password for telnet access #infosec #skroobsec #cybersecurity #informationsecurity #infosecresearch
United States Trends
- 1. #SmackDown 15.5K posts
- 2. Caleb Wilson 1,632 posts
- 3. Georgetown 2,901 posts
- 4. Kansas 22.6K posts
- 5. Reed Sheppard N/A
- 6. Darryn Peterson 1,531 posts
- 7. Bryson Tiller 3,507 posts
- 8. Vesia 5,669 posts
- 9. End of 1st 1,814 posts
- 10. Dizzy 12.2K posts
- 11. #GCWUnderstand N/A
- 12. End 1Q N/A
- 13. UMass Lowell N/A
- 14. End of the 1st 1,171 posts
- 15. #kubball N/A
- 16. Grammy 485K posts
- 17. Bruce Thornton N/A
- 18. Zelina 1,116 posts
- 19. Sam Merrill N/A
- 20. Aleister Black 1,318 posts
Something went wrong.
Something went wrong.