Uber was hacked. The hacker social engineered an employee -> logged into the VPN and scanned their intranet. 👇
Apparently there was an internal network share that contained PowerShell scripts... "One of the PowerShell scripts contained the username and password for an admin user in Thycotic (PAM). Using this I was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite"
@hacker_ Can you ask what "SE" is here? Did you just assume a phish?
@hacker_ Your tweet was quoted in an article by TechCrunch techcrunch.com/2022/09/19/how…
@hacker_ Your tweet was quoted in an article by Vice News vice.com/en_us/article/…
@hacker_ Your tweet was quoted in an article by The Verge theverge.com/2022/9/16/2335…
@hacker_ Your tweet was quoted in an article by theregister go.theregister.com/feed/www.there…
@hacker_ They had a PAM solution…but didn’t use MFA for privileged access to the PAM solution???
@hacker_ Why on earth didn’t they have 2FA turned on for all of those?
@hacker_ Sounds like red team 101. Hopefully this just emphasizes the importance of regular, gloves-off red team assessments in addition to the rest of an org's security practices (bug bounty, pentest, IA, appsec)
@hacker_ @krystalball and @esaagar, this is super interesting, you guys should cover it! Uber internal network hacked
@hacker_ I actually do not know how to react to this, Uber really played with their account. I thought it was pentesting when I first saw the incident, but now it is turning into reality
@hacker_ How do people even do this stuff? Hackers are wild.
@hacker_ In security, the human being is always the weakest link!
@hacker_ Wouldn't a 2nd factor still be needed to access the AWS account and other assets? Or did they not have MFA turned on? Pretty much standard practice nowadays.
@hacker_ What messaging software are the screenshots from? Thanks.