      Ex-Ubiquiti engineer behind “breathtaking” data theft gets 6-year prison term

      news.movim.eu / ArsTechnica · Thursday, 11 May, 2023 - 17:59

    An ex-Ubiquiti engineer, Nickolas Sharp, was sentenced to six years in prison yesterday after pleading guilty in a New York court to stealing tens of gigabytes of confidential data, demanding a $1.9 million ransom from his former employer, and then publishing the data publicly when his demands were refused.

    Sharp had asked for no prison time, telling United States District Judge Katherine Polk Failla that the cyberattack was actually an "unsanctioned security drill" that left Ubiquiti "a safer place for itself and for its clients," Bloomberg reported. In a court document, Sharp claimed that Ubiquiti CEO Robert Pera had prevented Sharp from "resolving outstanding security issues," and Sharp told the judge that this led to an "idiotic hyperfixation" on fixing those security flaws.

    However, even if that was Sharp's true motivation, Failla did not accept his justification of his crimes, which include wire fraud, intentionally damaging protected computers, and lying to the FBI.

      AORT – A reconnaissance tool for your Bug Bounty sessions

      news.movim.eu / Korben · Sunday, 6 November, 2022 - 08:00

    If you work in security, do pentesting or Bug Bounty, or simply run a site and are curious, here is a great script called All In One Recon Tool (AORT).

    This script performs reconnaissance around a domain name. So if you want to know what a potential attacker can learn about your website just by digging around a little, you will not be disappointed.

    AORT uncovers all the subdomains, along with a whole range of information about DNS, the possibility of a zone transfer for the domain name, the type of WAF in place (web application firewall), Whois information, open ports, and various endpoints and email addresses.

    The best thing is to try it. To install AORT, run:

    git clone https://github.com/D3Ext/AORT
    cd AORT
    pip3 install -r requirements.txt

    Then run the script with the --all parameter to bring out the full arsenal.

    python3 AORT.py -d exemple.com --all

    Very simple to use and really handy!