Evolution of Data Lifecycle Management at Uber https://www.uber.com/en-GB/blog/evolution-of-data-lifecycle-management-at-uber/
Your Comprehensive Guide to Kubernetes Security https://medium.com/@paritoshblogs/your-comprehensive-guide-to-kubernetes-security-0a215518b710
Medium
Your Comprehensive Guide to Kubernetes Security
Kubernetes, often referred to as K8s, has revolutionized the world of container orchestration and application deployment. Its flexibility…
👍1
People who say “PHP is insecure” are uninformed https://hakluke.com/people-who-say-php-is-insecure-are-uninformed/
Hakluke
People who say “PHP is insecure” are uninformed
I hear a lot of folks parrot the opinion that PHP is somehow less secure than other languages. This simply isn't true. Here's why.
Abusing gdb Features for Data Ingress & Egress https://www.archcloudlabs.com/projects/debuginfod/
Archcloudlabs
Abusing gdb Features for Data Ingress & Egress
About The Project Modern Software Development environments have significant debugging capabilities to troubleshoot issues with the complex nature of modern software . These debugging capabilities typically manifest in Interactive Development Environment (IDE)…
Java Deserialization Vulnerability Still Alive https://blog.pyn3rd.com/2023/10/20/Java-Deserialization-Vulnerability-Still-Alive/
Pyn3Rd
Java Deserialization Vulnerability Still Alive
Several months ago, the Constrast Security Team reported a Java deserialization vulnerability about Spring Kafka to VMWare Security Team. It immediately attracted my attention and I got started to ana
LXD for security research https://bo-tato.github.io/2023/10/22/lxd-for-security-research.html
Ramblings of a misspelled potato
LXD for security research
Doing security research we are constantly setting up local installations of software we are testing, and running many noscripts and utilities. To avoid risking or polluting our computer with this, we do most things isolated in virtual machines or containers.…
👏2
[corCTF 2021] Wall Of Perdition: Utilizing msg_msg Objects For Arbitrary Read And Arbitrary Write In The Linux Kernel https://syst3mfailure.io/wall-of-perdition/
[corCTF 2021] Wall Of Perdition: Utilizing msg_msg Objects For Arbitrary Read And Arbitrary Write In The Linux Kernel
Wall of Perdition is the second and harder part of a two part series of kernel exploitation challenges designed by FizzBuzz101 and me for corCTF 2021. You can find the writeup for the first part, Fire of Salvation, on his blog. Unfortunately, both challenges…
corCTF 2021 Fire of Salvation Writeup: Utilizing msg_msg Objects for Arbitrary Read and Arbitrary Write in the Linux Kernel https://www.willsroot.io/2021/08/corctf-2021-fire-of-salvation-writeup.html
www.willsroot.io
corCTF 2021 Fire of Salvation Writeup: Utilizing msg_msg Objects for Arbitrary Read and Arbitrary Write in the Linux Kernel
Vulnerability Research on Low-Level Systems
1Password discloses security incident linked to Okta breach https://www.bleepingcomputer.com/news/security/1password-discloses-security-incident-linked-to-okta-breach/
BleepingComputer
1Password discloses security incident linked to Okta breach
1Password, a popular password management platform used by over 100,000 businesses, suffered a security incident after hackers gained access to its Okta ID management tenant.
🤪2
Kubernetes Deployment Strategies: Blue-Green vs. Canary https://medium.com/@arton.demaku/kubernetes-deployment-strategies-blue-green-vs-canary-ddc2a367b628
Medium
Kubernetes Deployment Strategies: Blue-Green vs. Canary
Kubernetes has emerged as the go-to solution for managing containerized applications in modern software development. It offers powerful…
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966 https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
www.assetnote.io
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
It's time for another round Citrix Patch Diffing! Earlier this month Citrix released a security bulletin which mentioned "unauthenticated buffer-related vulnerabilities" and two CVEs. These issues affected Citrix NetScaler ADC and NetScaler Gateway.
🤪2
Best Practices for Writing Quality Vulnerability Reports https://itnext.io/best-practices-for-writing-quality-vulnerability-reports-119882422a27
Medium
Best Practices for Writing Quality Vulnerability Reports
How to write great vulnerability reports? If you’re a security consultant, penetration tester or a bug bounty hunter these tips are for…
👍3
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg https://blog.exodusintel.com/2022/12/19/linux-kernel-exploiting-a-netfilter-use-after-free-in-kmalloc-cg/
Exodus Intelligence
Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg - Exodus Intelligence
By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…
🤯3
Revisiting an Old Bug: File Upload to Code Execution https://www.securifera.com/blog/2023/10/25/cve-2021-27198/
Securifera
CVE-2021-27198
This article is in no way affiliated, sponsored, or endorsed with/by Visualware, Inc. All graphics are being displayed under fair use for the purposes of this article.
Revisiting an Old Bug: File Upload to Code Execution
A colleague recently contacted…
Revisiting an Old Bug: File Upload to Code Execution
A colleague recently contacted…
What Every Malware Analyst Should Know About PE Relocations http://malwareid.in/unpack/unpacking-basics/pe-relocation-table
MalwareID Unpacking Guide
PE relocation Table
The Portable Executable (PE) base relocation table is crucial in Windows executable files. It handles memory addresses for functions and data, making sure the program runs well no matter where it's loaded in memory.
👌1
Puncia - Subdomain And Exploit Hunter Powered By AI https://www.kitploit.com/2023/10/puncia-subdomain-and-exploit-hunter.html
KitPloit - PenTest & Hacking Tools
Puncia - Subdomain And Exploit Hunter Powered By AI
Inject My PDF: Prompt Injection for your Resume https://kai-greshake.de/posts/inject-my-pdf/
❤1👾1
CRLFuzz - A fast tool to scan CRLF vulnerability written in Go https://hakin9.org/crlfuzz-a-fast-tool-to-scan-crlf-vulnerability-written-in-go/
Hakin9 - IT Security Magazine
CRLFuzz - A fast tool to scan CRLF vulnerability written in Go
The installation is easy. You can download a prebuilt binary from the releases page, unpack and run! or with