eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

#poc


When the Trump admin encounters a group it doesn’t respect/care for, oftentimes it just deletes them - specifically, the very record of their existence.

DOD: asked to cull all #DEI-related content from its websites, it removed ~26K images. A list of ~19K of the deleted photos was given to the AP; 💔 4 out of 5 depicted #women, #POC, the #LGBTQ+ community & racial minorities. 🚨 They're now among America’s “missing persons.”
#Racism #Misogyny #TrumpRegime #Disabled ppl...
#Resist #USPol
wapo.st/3Hs6XZb

#RoundCube bugs are nearly always a big deal. Pay attention to this one, CVE-2025-49113. I’d be surprised if a #PoC #exploit takes longer than a day or two to surface.

It does require the attacker to have an account, but that’s sometimes a pretty low barrier to entry (depending on the site).
infosec.exchange/@securityaffa

Infosec Exchange · securityaffairs (@securityaffairs@infosec.exchange): #Roundcube Webmail under fire: critical exploit found after a decade https://securityaffairs.com/178615/hacking/roundcube-webmail-under-fire-critical-exploit-found-after-a-decade.html #securityaffairs #hacking

Well, well, there's an exploitation PoC for the BadSuccessor vulnerability 👀

BadSuccessor is a privilege escalation technique in Active Directory. It abuses the little-known dMSA (delegated Managed Service Account) attribute to inject a malicious object. If a user merely has "CreateChild" rights on an OU (Organizational Unit), they can create a special account and use it to become Domain Admin.

(91% of the enterprise environments analyzed by Akamai are vulnerable to this attack.)
👇
akamai.com/blog/security-resea

And now there's a working PoC on the offensive side.
⬇️
SharpSuccessor
A .NET tool that automates the process. It lets a low-privileged user:

  • Create a booby-trapped dMSA object in an OU on which they have "CreateChild" rights

  • Associate that object with their own user session

  • And obtain domain admin privileges
    👇
    github.com/logangoins/SharpSuc

Mitigation

"Until a formal patch is released by Microsoft, defensive efforts should focus on limiting the ability to create dMSAs and tightening permissions wherever possible."

  • Limit "CreateChild" rights:
    Review permissions on OUs and restrict object creation to trusted administrative accounts only.

  • Monitor dMSA creations and modifications:
    Configure auditing for the relevant AD events (Event IDs 5136, 5137) to detect any suspicious dMSA-related activity.

  • Use detection tools:
    Use scripts such as Get-BadSuccessorOUPermissions.ps1 ( github.com/akamai/BadSuccessor ) to identify accounts with risky permissions for remediation.

[ in infosec news ]
⬇️
"SharpSuccessor PoC Released to Weaponize Windows Server 2025 BadSuccessor Flaw"
👇
gbhackers.com/sharpsuccessor-p
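An added example, not part of the post above and not Akamai's Get-BadSuccessorOUPermissions.ps1 or SharpSuccessor: a PowerShell check covering the three mitigation bullets (who holds CreateChild on OUs for dMSA objects, which dMSAs already exist, and what 5136/5137 events say about them). It assumes the RSAT ActiveDirectory module on a domain-joined host, a forest schema that already contains the msDS-DelegatedManagedServiceAccount class (Windows Server 2025 DC), and a trusted-principal list that you adapt to your own tiering model; the event function must run on a DC with "Audit Directory Service Changes" enabled and a SACL on the OUs. The attribute name msDS-ManagedAccountPrecededByLink comes from the public BadSuccessor research, not from this post.

```powershell
# Added example (not the Akamai script or SharpSuccessor). Assumes the RSAT ActiveDirectory
# module, a domain-joined session and a schema that contains the dMSA object class.
Import-Module ActiveDirectory

function Get-DmsaCreateChildGrants {
    [CmdletBinding()]
    param(
        # Principals allowed to create objects; any other holder of CreateChild is reported.
        # Assumption: adapt this list to your own tiering model.
        [string[]]$TrustedPrincipalPattern = @(
            'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM',
            '*\Domain Admins', '*\Enterprise Admins'
        )
    )

    # Resolve the dMSA schema class GUID at runtime rather than hard-coding it.
    $schemaNc  = (Get-ADRootDSE).schemaNamingContext
    $dmsaClass = Get-ADObject -SearchBase $schemaNc -Properties schemaIDGUID `
        -LDAPFilter '(lDAPDisplayName=msDS-DelegatedManagedServiceAccount)'
    if (-not $dmsaClass) {
        Write-Warning 'dMSA class not in schema (no Server 2025 DC); BadSuccessor does not apply.'
        return @()
    }
    $dmsaGuid = [guid]$dmsaClass.schemaIDGUID
    $anyClass = [guid]::Empty        # ObjectType of all zeros = CreateChild for every class
    $create   = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild

    # Only OUs are walked here; WriteDacl/WriteOwner on an OU (which can be turned into
    # CreateChild) and rights on containers are deliberately out of scope for this check.
    foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
        $acl = Get-Acl -Path ("AD:\" + $ou.DistinguishedName)
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # GenericAll also carries the CreateChild bit, so HasFlag catches both.
            if (-not $ace.ActiveDirectoryRights.HasFlag($create)) { continue }
            if ($ace.ObjectType -ne $anyClass -and $ace.ObjectType -ne $dmsaGuid) { continue }
            $who = $ace.IdentityReference.Value
            if ($TrustedPrincipalPattern | Where-Object { $who -like $_ }) { continue }
            [pscustomobject]@{
                OU        = $ou.DistinguishedName
                Principal = $who
                Rights    = $ace.ActiveDirectoryRights
                Scope     = if ($ace.ObjectType -eq $anyClass) { 'any child class' } else { 'dMSA only' }
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Every existing dMSA deserves review: msDS-ManagedAccountPrecededByLink is the attribute
# the BadSuccessor technique points at the victim account so the dMSA inherits its privileges.
function Get-ExistingDmsa {
    Get-ADObject -LDAPFilter '(objectClass=msDS-DelegatedManagedServiceAccount)' `
        -Properties whenCreated, msDS-ManagedAccountPrecededByLink |
      Select-Object DistinguishedName, whenCreated, msDS-ManagedAccountPrecededByLink
}

# Event side of the second mitigation bullet: 5137 (object created) / 5136 (object modified)
# in a DC's Security log, narrowed to dMSA objects. Without "Audit Directory Service Changes"
# and a SACL on the OUs these events are never written, so an empty result proves nothing.
function Get-DmsaAuditEvents {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 5136, 5137; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
      Where-Object { $_.Message -match 'msDS-DelegatedManagedServiceAccount' } |
      ForEach-Object {
          # The first "Account Name:" in a 5136/5137 message is the Subject, i.e. the actor.
          $actor = if ($_.Message -match 'Account Name:\s+(\S+)') { $Matches[1] } else { '?' }
          $dn    = if ($_.Message -match 'DN:\s+(\S.*)')          { $Matches[1].Trim() } else { '?' }
          [pscustomobject]@{ Time = $_.TimeCreated; EventId = $_.Id; Actor = $actor; Object = $dn }
      }
}

Get-DmsaCreateChildGrants | Format-Table -AutoSize
Get-ExistingDmsa          | Format-Table -AutoSize
Get-DmsaAuditEvents       | Format-Table -AutoSize
```

Each finding from Get-DmsaCreateChildGrants is a candidate for the first bullet (remove or scope the ACE); a non-empty Get-ExistingDmsa on a domain that has never deployed dMSAs is itself a signal, and the two functions together give you the baseline the 5136/5137 events are measured against.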

Count the ways that #Trump is destroying lives: the #economy, US standing & #creditrating, #tariffs, #jobs, #rights, #education, #health, #healthcare, #housing affordability, #wellbeing, #publicsafety, #publichealth, #tourism... to #immigrants, #POC, #LGBTQ ppl, #disabled ppl, #farmers, #children, #seniors, small business owners...

"Travel to the US🚨is dropping from pretty much every part of the world!

Tourism to the US from Europe is in the process of collapsing."
-A Reichlin-Melnick
#USPol

1:09:38 #Hitler '33/#Trump '25: The 1st 100 Days
youtube.com/watch?v=mJIf0i0KkXw
The claim made there that the US overcame the #dualState of #authoritarianism for #PoC and #democracy for white people is wrong, and will remain so as long as #slavery remains as punishment in the #Constitution and prisoners are denied participation in #elections and, even worse, in some states are denied even after release.
There is an incentive to tailor laws to imprison the opposition's voters, as Nixon did (and they still do).


@SeanCasten

Think about how clueless someone would have to be to accept this as a credible explanation for what’s happening to the #US economy.

Well, #Trump and his bootlickers are trying to fire every federal worker who *doesn’t* buy it.

Trump & #Musk aren’t merely getting rid of #women, #POC and others who benefited from #DEI practices.

They’re hiring/retaining the dumbest fucking people in the country.

#USPol
#USA

So, the next exculpatory ground for the fatal shooter of #Oldenburg is out: #AugenblicksVersagen (a "momentary lapse").

He has an #Freispruch (acquittal) pretty much in the bag. (Maybe with a few conditions.)

Since there are no #Videos or the like in the #Lorenz case so far, it's hard to assess the situation.

But in similar situations in the past that are better documented, I wouldn't speak of a "momentary lapse" but of highly focused #Beamt_innen (officers).

Who kill #PoC.

derstandard.de/story/300000026

DER STANDARD · Horror after police operation in Oldenburg: young Black man died from shots fired from behind. In Lower Saxony a 21-year-old died from shots fired from a police weapon. Friends speak of racism; the public prosecutor is investigating on suspicion of manslaughter.