Mini Pen Test Diaries Story:

The year was 2010, and I was onsite at a UK local authority doing an internal network assessment.

One of the tasks was - if given a standard, non-privileged, domain user account, with minimal access afforded to it - what could I do? Could I access sensitive documents? Could I login to systems I shouldn't be able to? Could I elevate myself. Standard stuff.

I got my account, and immediately started fishing around the main file share with the users home directories on it. To my immense surprise, I found out that I was able to access the content of every single users home directory. Including all the top level folks.

They must've accidentally given me some account in an IT group or something, so I check it out. Nope - groups look normal.

The permissions on the share look pretty normal too.

I play around with the account more and more and encounter zero resistance to anything, access wise.

Something must be very wrong - but what?

Finally I go over and speak to the IT people who I'd been working with.

"So," I said. "This account, it's supposed to have a very minimal permissions set right?"

"Yes, the lowest of the low." They reply.

"So how come I can get into all these files?" I ask, and show them my rummaging around the very senior peoples confidential files.

"You shouldn't be able to do that!!"

Now, the three of us are rapidly trying to figure out what the heck is going on. It's surprisingly difficult to figure out.

Eventually, I make what to this day remains one of my all time favorite pen testing discoveries.

This organisation, had somehow, managed to add the entire "Domain Users" group to the "Domain Admins" group!

All 1,500 people who worked there, had domain admin access. And after investigation, we found out it had been like that for 10 months.

Someone couldn't get something working, until they found this "fix".

Amazing.

For more, slightly less mini pen test diaries stories, check out https://infosecdiaries.com.

#infosec #pentest #pentesting

Okay, this version 3 GPS tracker board seems pretty good to go now!

Does anyone have any tips to not get JLCPCB charging me extra for multi-design panels? Each tracker needs a pair of PCBs which stack on top of each other.

@jpm they’re kids sizes it seems? Anyway if you can find a Fendt one in Large I’ll buy you a pint

@leighelse @bigblen @paw @davidrevoy whoa. Respect. 🙏🏻 Your asceticism is an inspiration for all of us! (assuming, of course, that that's your *main* browser 😜 )

RE: https://mindly.social/@sgtgary/116570844152690397

It is really nice to see articles about space debris that are by people I haven't worked with already! (I'm so glad other people do care about these issues)

So...uh... don't look up, I guess?

Tom Homan is protected from investigation and prosecution for now, but he won't always be.

@lightweight @bigblen @paw @davidrevoy I am =such= an outlier.

It really is appalling.

知り合いの @siliconsjang さんが今日、SiliconBeest v1.0.0 を公開しました。Cloudflare Workers、D1、R2、Queuesだけで動くフェディバースサーバーで、Fedifyを使ってくれています。

個人的に面白いと思ったのは出発点で、Cloudflare障害のたびにFediverseのサーバーがまとめて落ちるのを見て、「それならいっそCloudflareの上で動かせばよいのでは」と思ったのが始まりだそうです。

小規模なインスタンスならCloudflareの無料プランで、少し大きくなっても月5ドルくらいで運営できることを目指しているとのこと。まだ初期バージョンなので未実装の部分も多く、MastodonやMisskey APIとの互換性は未だ先の目標みたいです。

Fedifyを使ってくれているのもあって、個人的に嬉しいです。気になったので共有します。

ソースコードはAGPL 3.0でGitHubで公開されています。

#フェディバース #fediverse #ActivityPub #Cloudflare

RE: https://hackers.pub/@siliconsjang/2026/siliconbeest-v1.0.0

@be @lightweight

I had exactly the same problem.. until at a certain moment suddenly my browser crashed and all open tabs were forgotten. I was suddenly back at one tab. Oh noos, disaster! 😱

And you know what happened? Nothing happened. Those tabs were all backlog. Interesting. Must read, should process. But once they were lost it was a relief, a burden from the shoulders.

You might say that today with Social experience design I study the solution development process for solving wicked problems. SX is anchored on a simple life philosophy which is based on the assumption that "simple solutions still exist".

With my tab hoarding I didn't honor that assumption. Based on observation that everything we need to solve wicked problems is already available. All the wisdom, knowledge, common sense, and life experience. It is all available in abundance, lying in the street, as we trample on it on our hurried day-to-day.

The information isn't the problem. Being too swamped to process it is.

Narrator: It was indeed a big deal, and it was indeed his fault.

Won't stop me / us from trying to build better, but this battle would be a lot easier if we all did it together in lockstep

@smallcircles @be I know you're right. I just haven't achieve acceptance yet. Still... in... denial. Made possible by having way too much RAM. I need to create a self-healing system. Might need to pull a few RAM sticks.

Climate researchers have long documented something about a warmer world that's hard even for nonscientists to miss: It doesn't rain, it pours. https://www.japantimes.co.jp/environment/2026/05/14/climate-change/intense-rain-dry-planet-explainer/?utm_medium=Social&utm_source=mastodon #environment #climatechange #environment #climatechange #floods #drought

Eating a whole sleeve of crackers probably won’t solve your problems, but it’s worth a try

Telegram is charging some users a one-week Premium subscription for SMS verification - • 𝐭𝐞𝐜𝐡-𝑖𝑠ℎ

｢ This situation is closely tied to Telegram’s controversial Peer-to-Peer Login Program (P2PL), which was announced last year. P2PL allows users to volunteer their phone number as a relay to send up to 150 OTP SMS messages per month to other users, in exchange for a free Premium subscription ｣
https://tech-ish.com/2025/11/27/telegram-charging-one-week-premium-subscription-for-sms-verification/

And with the Epstein files, Blanche is still keeping him out of jail…

OLG Hamm: Falschangaben eines KI-Chatbots sind dem Unternehmen als eigene irreführende geschäftliche Handlung nach § 5 UWG zuzurechnen https://www.beckmannundnorda.de/serendipity/index.php?/archives/7678-OLG-Hamm-Falschangaben-eines-KI-Chatbots-sind-dem-Unternehmen-als-eigene-irrefuehrende-geschaeftliche-Handlung-nach-5-UWG-zuzurechnen.html