Alvin Nayak · alveblog.hashnode.dev · Jul 7, 2023
Datree - Clear out your misconfigurations
Headstart To manage and ensure the integrity of Kubernetes configurations within organizations, Datree was developed to handle the difficulties and complexities involved. As Kubernetes grew in popularity, it became clear that it might be very difficu...
Datree

Nayan Shivhare · nayanshiv1.hashnode.dev · Mar 23, 2023
Most Lethal Threat In The Cloud: “MISCONFIGURATION”
Summary: One of the most lethal and prevalent attack vectors in 2023 is still misconfiguration which happens due to human error. With the rapid growth of organizations and agility provided by Cloud Service Providers more and more organizations adopti...
61 reads · misconfigurations

Pradeep Bhattarai · pr0d33p.hashnode.dev · Feb 9, 2023
Maximizing Penetration Testing Efforts with Shodan
Introduction Penetration testing is an essential part of cybersecurity, helping organizations identify and address potential security vulnerabilities before they can be exploited by malicious actors. With the increasing number of connected devices an...
35 reads · pentesting

Pradeep Bhattarai · pr0d33p.hashnode.dev · Jan 15, 2023
AWS IAM: Advantages, Common Misconfigurations and Best Practices
AWS IAM Identity and Access Management (IAM) is an AWS service that helps to provide access control to AWS resources. IAM should and is used to control authentication and authorization. AWS IAM can be used to can specify who and what can access servi...
44 reads · AWS

Pradeep Bhattarai · pr0d33p.hashnode.dev · Dec 26, 2022
Active Directory: Misconfigurations, Lab and Best Practices
Active Directory Active Directory is a directory service used by organizations to store information about their users, computers, and other network resources. It's used primarily to provide a secure way to manage users, applications, and network reso...
156 reads · Active Directory

Pradeep Bhattarai · pr0d33p.hashnode.dev · Sep 10, 2022
Solving Assumptions of Life: Winja CTF | Nullcon Goa 2022
Summary The challenge started with the web page accepting cmd parameter with only env command input. The output of the environment included AWS_ACCOUNT_ID and AWS_ROLE. After obtaining the credentials with assume-role, listing the available S3 bucket...
194 reads · AWS

Pradeep Bhattarai · pr0d33p.hashnode.dev · Sep 9, 2022
Solving Crater Problem: Winja CTF | Nullcon Goa 2022
Summary The challenge started with the description along with the Terraform state file. This challenge involved the misconfiguration within the AWS policy allowing any AWS account to perform multiple actions against the vulnerable AWS service configu...
1 like · 553 reads · aws cli

Pradeep Bhattarai · pr0d33p.hashnode.dev · Mar 9, 2022
Dirty Pipe: A Critical Linux Kernel Vulnerability
Recently, security researcher Max Kellermann discovered a critical vulnerability in the Linux kernel that has been affecting all versions since 5.8, including Android devices. This vulnerability, dubbed "Dirty Pipe," has the potential to lead to priv...
37 reads · misconfigurations