pentesting – Page 5 – WindowsTechs.com

Cybersecurity News – Hackers Aim No Worse Than Cupid

Posted on February 14, 2019 by edguards

Take a glance at the most discussed cybersecurity news of the week. Happy Valentine’s Scam …
The post Cybersecurity News – Hackers Aim No Worse Than Cupid appeared first on EdGuards – Security for Education.
The post Cybersecurity News – … Continue reading Cybersecurity News – Hackers Aim No Worse Than Cupid→

Abusing Docker API | Socket

Posted on February 1, 2019 by CG

Notes on abusing open Docker socketsThis wont cover breaking out of docker containersPorts: usually 2375 & 2376 but can be anythingRefs:https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0https://www.slide… Continue reading Abusing Docker API | Socket→

#TripwireBookClub – Pentesting Azure Applications

Posted on January 31, 2019 by Tyler Reguly

For the final book purchase of 2018, members of VERT decided to read “Pentesting Azure Applications: The Definitive Guide to Testing and Securing Deployments,” written by Matt Burrough and published by No Starch Press. Matt has spent nearly… Continue reading #TripwireBookClub – Pentesting Azure Applications→

Assess Your Risks

Posted on January 22, 2019 by Social-Engineer

We talk a lot about phishing, vishing, smishing, and impersonation here at SECOM, and there is a good reason for that. Those are the primary services we provide as a company for our clients. Not all clients use all of our services, and some companies d… Continue reading Assess Your Risks→

Kubernetes: unauth kublet API 10250 basic code exec

Posted on January 16, 2019 by CG

Unauth API access (10250)
Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it’s still pretty common to find it exposed via the “insecure API service” option.

Everybody who … Continue reading Kubernetes: unauth kublet API 10250 basic code exec→

Kubernetes: Kube-Hunter 10255

Posted on January 16, 2019 by CG

Below is some sample output that mainly is here to see what open 10255 will give you and look like. What probably of most interest is the /pods endpoint

or the /metrics endpoint

or the /stats endpoint

$ ./kube-hunter.pyChoose one of the … Continue reading Kubernetes: Kube-Hunter 10255→

Kubernetes: unauth kublet API 10250 token theft & kubectl

Posted on January 16, 2019 by CG

Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec
kube-hunter output to get us started:
do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods
With that data, you can craft your post… Continue reading Kubernetes: unauth kublet API 10250 token theft & kubectl→

Kubernetes: Kubelet API containerLogs endpoint

Posted on January 11, 2019 by CG

How to get the info that kube-hunter reports for open /containerLogs endpointVulnerabilities+—————+————-+——————+———————-+—————-+| LOCATION CATEGORY … Continue reading Kubernetes: Kubelet API containerLogs endpoint→

Kubernetes: Master Post

Posted on January 7, 2019 by CG

I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i’m missing blog posts or useful resources ping me here or twitter.Talks you should watch if you are interested in Kuber… Continue reading Kubernetes: Master Post→

I found a GCP service account token…now what?

Posted on January 2, 2019 by CG

Google Cloud Platform (GCP) is rapidly growing in popularity and i haven’t seen too many posts on f**king it up so I’m going to do at least one 🙂
Google has several ways to do authentication but most likely what you are going to come across sho… Continue reading I found a GCP service account token…now what?→