STM Cyber

@stm_cyber

Followers: 358
Following: 390
Media: 22
Statuses: 73

HACK THE UNHACKABLE

Warsaw / Poland
Joined September 2020
@stm_cyber
STM Cyber
1 year
We are so proud to announce that the 🇵🇱Poland -🇫🇮Finland team, under the command of the @CyberWojska, won second place in the world's largest cyber defense exercise, Locked Shields, 2024! 🥈 @trodbert, which included as many as 8 people from STM Cyber, achieved the best result in
@stm_cyber
STM Cyber
1 year
A reminder that the STM Academy Open Day takes place on 8 March!
Please send applications to info@stm-academy.com; the number of places is limited, so it is best to hurry. Agenda:
10.00 – 10.30 Welcoming participants - welcome coffee
10.30 - 12.00 Workshop: How to recognize and
@stm_cyber
STM Cyber
1 year
We invite everyone interested to the open day on 8.03.2024 to get to know STM Academy! There will be a demonstration training on the @hacking_dept platform, and a meeting with cybersecurity experts and members of the best Polish CTF groups in Poland - @p4_team team and
@stm_cyber
STM Cyber
2 years
RT @TheHackersNews: Popular PAX PoS systems used in countless stores worldwide are vulnerable to crippling attacks. Hackers could hijack t…
thehackernews.com
@stm_cyber
STM Cyber
2 years
@rysiacz Their efforts resulted in the identification of two vulnerabilities:
1. CVE-2024-20916 - SQL injection - found by Patryk Rejchert
2. CVE-2024-20917 - DOM-Based Cross-Site Scripting - found by Piotr Konopko & Patryk Rejchert
Patch has been released on the 16th of January.
@stm_cyber
STM Cyber
2 years
We are excited to share that our employees @rysiacz and Piotr Konopko from @stm_cyber conducted a security assessment of Oracle Enterprise Manager. Read more in the comments.
@stm_cyber
STM Cyber
2 years
Current list of vulnerabilities:
- CVE-2023-42134
- CVE-2023-42135
- CVE-2023-42136
- CVE-2023-42137
- CVE-2023-4818
Kudos to @CERT_Polska_en for helping with the disclosure process 🤝
@stm_cyber
STM Cyber
2 years
We are releasing the first wave of vulnerabilities targeting @paxtechnology PAX Android POS terminals. The list includes pre-auth RCE on the root account by exploiting a hidden bootloader functionality via USB. You can expect more POS CVEs soon™ :)
blog.stmcyber.com
In this article, we present details of 6 vulnerabilities on the Android POS devices made by the worldwide known company PAX Technology.
@stm_cyber
STM Cyber
2 years
Another happy hunting 👊
Dell Technologies would like to thank @redfr0g_ Brzozowski (redfr0g), Franek Kalinowski, and Stanisław Koza from STM Cyber for reporting these issues:
CVE-2023-44277
CVE-2023-44284
CVE-2023-44286
@stm_cyber
STM Cyber
2 years
RT @redfr0g_: Together with @albercik007 and Szymon Jacek from @stm_cyber we found several vulnerabilities in SolarWinds Platform 2023.4. A…
@stm_cyber
STM Cyber
2 years
Congrats! We are so proud 💪
@BonusPlay3
Bonus
2 years
We managed to win yet another space-related CTF, this time organized by @esaoperations. We managed to join forces with 2 great hackers from @HPI_DE, to form a 🇵🇱🇩🇪 team. 🛰️ 🔫 🦆
@stm_cyber
STM Cyber
2 years
Bartosz Śmigielski @glasnostt from STM Cyber found a security vulnerability in SAP Business Objects identified by CVE-2023-42474. DOM-Based XSS was possible by injecting a URL in the GET parameter during window printing in analytical reporting. More info:
blog.stmcyber.com
Sap Business Objects version 420 is vulnerable to DOM-XSS attack.
@stm_cyber
STM Cyber
2 years
Our pentesters Stanisław Koza and Jakub Sajniak (@kubolos231) found another high vuln in the Cisco product. It was marked CVE-2023-20211 and it allows any auth user to extract any info from the Cisco Unified Communications Manager using SQLi. Our PoC:
blog.stmcyber.com
A vulnerability in the web mgmnt interface of Cisco Unified CM and CM SME could allow an authenticated, remote attacker to conduct SQL injection attack.
@stm_cyber
STM Cyber
2 years
Our pentesters Janek and Szymon pranked us in our Microsoft Teams group using an interesting phishing 🎣 trick!
Check out what they have discovered and how they managed to earn a free pizza 🍕 using message replay spoofing on Teams:
blog.stmcyber.com
Earlier this year, we discovered an interesting behavior in Microsoft Teams chat functionality that allowed us to phish our coworkers and earn a free pizza. By modifying the request it’s possible to...
@stm_cyber
STM Cyber
2 years
RT @redfr0g_: I am excited to lead a brand new course from @stm_cyber Academy - Network Security. If you want to take a deep dive into L2…
@stm_cyber
STM Cyber
2 years
RT @p4_team: Get ready, set, hack! just hit the ground! ⏰ Less than 24hrs to uncover flags, conquer snacks & tackle…
@stm_cyber
STM Cyber
2 years
RT @CONFidenceConf: Soon at #CONFidenceConf members of @p4_team 🐦 - Adam Kliś (security researcher @stm_cyber) and Krzysztof Zając (senior…
@stm_cyber
STM Cyber
3 years
Congrats! You finally did it! 💪 🇵🇱🚀🌌 Poland truly can into space!
@p4_team
p4
3 years
Third time's a charm! Once again @p4_team and @DragonSectorCTF have joined forces as the Poland Can Into Space team to conquer space 🇵🇱🚀🌌 and this time we did🏆! We won @hack_a_sat, the space security competition! Thanks to🥈SpaceBitsRUs and🥉@solarwine_ctf for a fierce fight!