Undisclosed OpenSSL vulnerability: Free scripts for target scoping

By: Jonathan Rau
Oct 31, 2022

Tomorrow is “patch Tuesday” and it's a notable one. The OpenSSL project team announced last week that they will be releasing OpenSSL version 3.0.7, with a patch to fix a critical security vulnerability. Until the vulnerability details ...

Azure Cloud Shell Command Injection Stealing User’s Access Tokens

By: Gafnit Amiga
Sep 20, 2022

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’...

Exploiting Authentication in AWS IAM Authenticator for Kubernetes

By: Gafnit Amiga
Jul 11, 2022

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that helps you to create, operate, and maintain Kubernetes clusters. Amazon EKS has several deployment options including AWS cloud and on-premises (Amazon EKS Anywhere). Amazon EKS ...

New Vulnerabilities in Kubernetes NGINX Ingress Controller

By: Gafnit Amiga
Jul 6, 2022

In October 2021, NGINX’s Kubernetes Ingress Controller started to come under siege from security researchers, and the opening salvo was delivered in the form of CVE-2021-25742, which allowed attackers to gain access to secrets st...