🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Happy 1st birthday to Red Threat! Thanks to all of our friends and family that supported us in making this dream a reality.

Tired of just grabbing a screenshot after compromising a crestron unit on a pentest? Introducing party mode, a surefire way to spice up your debrief meeting. Finish your presentation. Hit the button and moonwalk out the door. gist.github.com/LemonSec/b62ca…

I probably should have checked the weather forecast before driving 4 hours.

Anyone know the SLA time on a P1 for Fortinet I’ve called 4 times this morning and keep getting told they’ll call back later.

These Spotify made for you playlist are getting pretty good!

First time I've seen a threat actor leveraging keyemu in the wild. Can't wait to try it on a pentest. Turns out the technique was released years ago in this github repo: github.com/panhavad/undet…

I received my first cease and desist for responsibly disclosing a critical vulnerability that gives a remote unauthenticated attacker full access to modify a traffic controller and change stoplights. Does this make me a Security Researcher now?

If you thought the response from the vendor was lame, wait until you see how easy the “exploit” is.

Got a new controller in the mail today now I just have to figure out how to power it up.

23 lever nuts later and I have a working controller.

Does anyone have a big list of all the security conferences, maybe a website or twitter account?

My research on Traffic Control Systems is live!

In this episode of The Phillip Wylie Show, Phillip Wylie's guest is Andrew Lemon (Lemon). youtu.be/2oVTO_yItJA

Are you ready to play a game, DEF CON? Our 1st Clue Hunt clue is ready for you. Winners get the challenge coin that screws into the custom badge completing a circuit and lighting it up. Evan Tobac and I can’t wait to meet the winners! The game starts now.

Dropping 0 days in elevators

The worst part about Responsible Disclosure is the “Responsible” part. I want to share my findings now, but I guess I’ll wait until the patch drops! COMPLETELY unrelated, the top song for the day is “It’s getting hot in here”

Help me, Obi-Wan Kenobi. I'm afraid Princess Leia has been turned to the Dark Side.

Friendly reminder: You can actually buy industrial hardware like crane controllers online and test them for security vulnerabilities. This version allows you to capture and replay button presses.

Mark Griffin Interrupt Labs Vigilant Labs bugcrowd alan Ninja3047 trashcanna maxpl0it SSD Labs 1️⃣2️⃣ Intelight X-1 – Grand Central Hack The Planet 🚦🌎 Red Threat successfully demo’d how to bypass the authentication prompt on an Intelight X-1 traffic control system - leading to full access to make any changes you want on the controller.

❗ Most Impactful System ❗ WINNER: Lemon: bypassing authentication prompts on an Intelight X-1 traffic control system 🚦 RUNNER UP: SeongJoon Cho & Dongheyon Oh, SSD Labs: exposing security flaws in the D-Link DSR-250 VPN Router 🌐