Nicolás GeorgerforSREDevOps.orgsredevopsorg.hashnode.dev·Apr 5, 2024Kube-Bench: Chequea la seguridad de tus clusters KubernetesKube-bench es una herramienta de código abierto que realiza una evaluación de seguridad completa de los entornos de Kubernetes. Es como el "Juramento Hipocrático" para Kubernetes, verificando todo lo posible contra las mejores prácticas y benchmarks ...DiscussCVE
Đậu Hoàng Tàiblog.taidh.xyz·Mar 29, 2024Analysis of Parse Server Prototype Pollution Remote Code Execution Vulnerability (CVE-2022-39396)Mình đã từng làm về dạng Prototype Pollution trong CTF rất nhiều nhưng có lẽ đây là lần đầu mình research CVE về lỗi này ADVISORY DETAILS. Khi mình được @n3mo rủ làm về CVE này thì chúng mình đã bắt tay vào làm ngay và sau 1 tuần debug vào mỗi đêm th...DiscussCVE-2022-39396
Đậu Hoàng Tàiblog.taidh.xyz·Mar 29, 2024Atlassian Confluence Vulnerability Analysis CVE-2022-26134Tiếp tục với những bài viết research về 1day thì mình đã chọn CVE-2022-26134 để phân tích. Đây là 1 CVE về Confluence Server OGNL Injection dẫn đến có thể thực thi mã từ xa. Dưới đây mình sẽ nói rõ về cách diff, setup debug và lỗ hổng này nó sẽ được ...Discuss·31 readsresearch
Andreas RenzforEncryptoriumblog.encryptorium.com·Mar 28, 2024The Heartbleed Vulnerability: CVE-2014-0160The Heartbleed bug is one of the most significant security vulnerabilities that have impacted the internet, affecting millions of web servers and users' data security worldwide. Discovered in April 2014, Heartbleed was a severe flaw in OpenSSL, a wid...Discussheartbleed
Anjalipeachycloudsecurity.hashnode.dev·Mar 13, 2024Testing Cloud (AWS & Azure) WAF Capabilities Against log4shell(CVE-2021–44228)Log4j shell or Log4Shell or LogJam[CVE-2021–44228] is a zero day that allows hackers to execute remote code execution(RCE). It exploits JNDI Api that uses LDAP protocol.Some organization might be thinking that they have cloud WAF’s like AWS WAF & Azu...DiscussCVE-2021–44228
Aditya Samantblog.adityasamant.dev·Feb 29, 2024Low cost CVE scanning with TrivyIntroduction In a world of microservices, a production grade enterprise application comprises of hundreds of docker images. Organisations and their customers have a high focus on the security of applications and one of the key requirements is to keep...Discusstrivy
TutorialBoyforTUTORIALBOYtutorialboy24.hashnode.dev·Feb 24, 2024Analyzing the Google Chrome V8 CVE-2024-0517 Out-of-Bounds Code Execution VulnerabilityOverview This article explores a vulnerability discovered a few months ago in Google Chrome's V8 JavaScript engine. The vulnerability was fixed via a Chrome update on January 16, 2024, and was assigned the number CVE-2024-0517. The vulnerability aris...Discussvulnerability
TutorialBoyforTUTORIALBOYtutorialboy24.hashnode.dev·Feb 21, 2024Analysis of Glibc privilege escalation vulnerability "Looney Tunables" (CVE-2023-4911)Recently, the Threat Research Unit of Qualys Company disclosed a Glibc vulnerability. The Glibc library has a buffer overflow vulnerability when processing environment variables, which can lead to local privilege escalation. This vulnerability affect...Discuss#cybersecurity
vtgsxxvtgsxx.hashnode.dev·Feb 1, 2024CVE-2023-20864: VMware Aria Operations for Logs RCECVE này mình dựng lại từ lâu rồi, lỗi không có gì phức tạp, bài phân tích cũng có rồi, nhưng gà 🐤 nên phải nhờ có sự hỗ trợ từ devme4f thì mình mới RCE thành công. Nay viết lại chính chỉ để note lại các bước mình đã thực hiện, bla bal... Mô tả CVE-...Discuss·32 readsCVE
Ogunlade Stephen Olayidehonordevop.hashnode.dev·Jan 12, 2024CISCO fixed critical Unity Connection Vulnerability CVE-2024-20272Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices. Cisco Unity Connection is a messaging platform and voic...Discuss·10 likesCVE