All Articles
Ordered by Date Received
: Year: "2023"
Month: "03"
Day: "31"
Page:
<<
<
8 (of 9)
>
>>
Total Articles in this collection: 455
Navigation Help at the bottom of the page
Article: Linux/AirDropBot samples - published over 4 years ago.
Content: Malware Must Die: MMD-0064-2019 - Linux/AirDropBot Mirai variant targeting Linksys E-series - Remote Code Execution tmUnblock.cgi Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress)Links updated: Jan 19, 2023 Hashes MD5 SHA256 SHA1 85a8aad8d938c44c3f3f51089a60ec16 1a75...
https://contagiodump.blogspot.com/2019/10/reference-malware-must-die-mmd-0064.html
Published: 2019 10 06 20:37:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Content: Malware Must Die: MMD-0064-2019 - Linux/AirDropBot Mirai variant targeting Linksys E-series - Remote Code Execution tmUnblock.cgi Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress)Links updated: Jan 19, 2023 Hashes MD5 SHA256 SHA1 85a8aad8d938c44c3f3f51089a60ec16 1a75...
https://contagiodump.blogspot.com/2019/10/reference-malware-must-die-mmd-0064.html
Published: 2019 10 06 20:37:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
|
Article: Linux/AirDropBot samples - published over 4 years ago. Content: Malware Must Die: MMD-0064-2019 - Linux/AirDropBot Mirai variant targeting Linksys E-series - Remote Code Execution tmUnblock.cgi Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress)Links updated: Jan 19, 2023 Hashes MD5 SHA256 SHA1 85a8aad8d938c44c3f3f51089a60ec16 1a75... https://contagiodump.blogspot.com/2019/10/reference-malware-must-die-mmd-0064.html Published: 2019 10 06 20:37:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples - published over 4 years ago.
Content: Amnesia / Radiation botnet samples Remote Code Execution in CCTV DVR (kerneronsec.com - 2016) 2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet 2016-08-11 CyberX Radiation IoT Cybersecurity campaign Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress) Links updated: Jan ...
https://contagiodump.blogspot.com/2019/10/amnesia-radiation-linux-botnet.html
Published: 2019 10 06 21:16:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Content: Amnesia / Radiation botnet samples Remote Code Execution in CCTV DVR (kerneronsec.com - 2016) 2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet 2016-08-11 CyberX Radiation IoT Cybersecurity campaign Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress) Links updated: Jan ...
https://contagiodump.blogspot.com/2019/10/amnesia-radiation-linux-botnet.html
Published: 2019 10 06 21:16:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
|
Article: Amnesia / Radiation Linux botnet targeting Remote Code Execution in CCTV DVR samples - published over 4 years ago. Content: Amnesia / Radiation botnet samples Remote Code Execution in CCTV DVR (kerneronsec.com - 2016) 2017-04-06 Palo Alto Unit 42. New IoT/Linux Malware Targets DVRs, Forms Botnet 2016-08-11 CyberX Radiation IoT Cybersecurity campaign Download. Email me if you need the password (see in my profile) Malware Inventory (work in progress) Links updated: Jan ... https://contagiodump.blogspot.com/2019/10/amnesia-radiation-linux-botnet.html Published: 2019 10 06 21:16:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
|
Article: Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples) - published over 4 years ago.
Content: 2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram “Masad Clipper and Stealer” steals browser information, computer files, and automatically replaces cryptocurrency wallets from the clipboard with its own. It is written using Autoit scripts and then compiled into a Windows executable. It uses Telegram to exfiltrate stolen information.Downl...
https://contagiodump.blogspot.com/2019/10/masad-clipper-and-stealer-windows.html
Published: 2019 10 07 03:48:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Content: 2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram “Masad Clipper and Stealer” steals browser information, computer files, and automatically replaces cryptocurrency wallets from the clipboard with its own. It is written using Autoit scripts and then compiled into a Windows executable. It uses Telegram to exfiltrate stolen information.Downl...
https://contagiodump.blogspot.com/2019/10/masad-clipper-and-stealer-windows.html
Published: 2019 10 07 03:48:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
|
Article: Masad Clipper and Stealer - Windows spyware exfiltrating data via Telegram (samples) - published over 4 years ago. Content: 2019-09-25 Juniper. Masad Stealer: Exfiltrating using Telegram “Masad Clipper and Stealer” steals browser information, computer files, and automatically replaces cryptocurrency wallets from the clipboard with its own. It is written using Autoit scripts and then compiled into a Windows executable. It uses Telegram to exfiltrate stolen information.Downl... https://contagiodump.blogspot.com/2019/10/masad-clipper-and-stealer-windows.html Published: 2019 10 07 03:48:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
|
Article: APT Calypso RAT, Flying Dutchman Samples - published over 4 years ago.
Content: 2019-10-31 Calypso APT: new group attacking state institutions Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data. Download. Email me if you need the passw...
https://contagiodump.blogspot.com/2019/12/apt-calypso-rat-flying-dutchman-samples.html
Published: 2019 12 02 04:46:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Content: 2019-10-31 Calypso APT: new group attacking state institutions Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data. Download. Email me if you need the passw...
https://contagiodump.blogspot.com/2019/12/apt-calypso-rat-flying-dutchman-samples.html
Published: 2019 12 02 04:46:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
|
Article: APT Calypso RAT, Flying Dutchman Samples - published over 4 years ago. Content: 2019-10-31 Calypso APT: new group attacking state institutions Attackers exploit Windows SMB vulnerability CVE-2017-0143 or use stolen credentials to gain access, deploy the custom Calypso RAT and use it to upload other tools such as Mimikatz, EternalBlue and EternalRomance. They move laterally and steal data. Download. Email me if you need the passw... https://contagiodump.blogspot.com/2019/12/apt-calypso-rat-flying-dutchman-samples.html Published: 2019 12 02 04:46:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
Article: KPOT info stealer samples - published about 4 years ago.
Content: KPOT Stealer is a “stealer” malware that focuses on stealing account information and other data from various software applications and servicesDownload. Email me if you need the password (see in my profile)Download 1 (from Didier Stevens' post)Download 2 (Proofpoint)Malware Inventory (work in progress)Links updated: Jan 19, 2023 References ...
https://contagiodump.blogspot.com/2020/04/kpot-info-stealer-samples.html
Published: 2020 04 19 15:27:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Content: KPOT Stealer is a “stealer” malware that focuses on stealing account information and other data from various software applications and servicesDownload. Email me if you need the password (see in my profile)Download 1 (from Didier Stevens' post)Download 2 (Proofpoint)Malware Inventory (work in progress)Links updated: Jan 19, 2023 References ...
https://contagiodump.blogspot.com/2020/04/kpot-info-stealer-samples.html
Published: 2020 04 19 15:27:00
Received: 2023 03 31 08:41:24
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
|
Article: KPOT info stealer samples - published about 4 years ago. Content: KPOT Stealer is a “stealer” malware that focuses on stealing account information and other data from various software applications and servicesDownload. Email me if you need the password (see in my profile)Download 1 (from Didier Stevens' post)Download 2 (Proofpoint)Malware Inventory (work in progress)Links updated: Jan 19, 2023 References ... https://contagiodump.blogspot.com/2020/04/kpot-info-stealer-samples.html Published: 2020 04 19 15:27:00 Received: 2023 03 31 08:41:24 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
|
Article: Malware Arsenal used by Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples) - published over 1 year ago.
Content: 2023-02-18Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted ...
https://contagiodump.blogspot.com/2023/02/malware-arsenal-used-by-ember-bear-aka.html
Published: 2023 02 18 07:59:00
Received: 2023 03 31 08:41:23
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Content: 2023-02-18Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted ...
https://contagiodump.blogspot.com/2023/02/malware-arsenal-used-by-ember-bear-aka.html
Published: 2023 02 18 07:59:00
Received: 2023 03 31 08:41:23
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
|
Article: Malware Arsenal used by Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) in attacks targeting Ukraine (samples) - published over 1 year ago. Content: 2023-02-18Ember Bear (aka UAC-0056,Saint Bear, UNC2589, Lorec53, TA471, Nodaria, Nascent Ursa, LorecBear, Bleeding Bear, and DEV-0586) is an Advanced Persistent Threat (APT) group believed to be based in Russia. Their primary targets have been diplomatic and government entities in Europe, particularly Ukraine, and the United States. They have also targeted ... https://contagiodump.blogspot.com/2023/02/malware-arsenal-used-by-ember-bear-aka.html Published: 2023 02 18 07:59:00 Received: 2023 03 31 08:41:23 Feed: contagio Source: contagio Category: Cyber Security Topic: Cyber Security |
|
Article: Scottish building firm renews SBD membership - published about 1 year ago.
Content: Scottish building firm City Building (Glasgow) LLP has renewed its membership with Secured by Design (SBD), the national police crime prevention initiative. The company provides a range of repairs and maintenance, manufacturing, construction and refurbishment activities across the public, private and third sectors. As well as providing the largest con...
https://securityjournaluk.com/scottish-building-firm-renews-sbd-membership/?utm_source=rss&utm_medium=rss&utm_campaign=scottish-building-firm-renews-sbd-membership
Published: 2023 03 31 08:08:51
Received: 2023 03 31 08:26:38
Feed: Security Journal UK
Source: Security Journal UK
Category: Security
Topic: Security
Content: Scottish building firm City Building (Glasgow) LLP has renewed its membership with Secured by Design (SBD), the national police crime prevention initiative. The company provides a range of repairs and maintenance, manufacturing, construction and refurbishment activities across the public, private and third sectors. As well as providing the largest con...
https://securityjournaluk.com/scottish-building-firm-renews-sbd-membership/?utm_source=rss&utm_medium=rss&utm_campaign=scottish-building-firm-renews-sbd-membership
Published: 2023 03 31 08:08:51
Received: 2023 03 31 08:26:38
Feed: Security Journal UK
Source: Security Journal UK
Category: Security
Topic: Security
|
Article: Scottish building firm renews SBD membership - published about 1 year ago. Content: Scottish building firm City Building (Glasgow) LLP has renewed its membership with Secured by Design (SBD), the national police crime prevention initiative. The company provides a range of repairs and maintenance, manufacturing, construction and refurbishment activities across the public, private and third sectors. As well as providing the largest con... https://securityjournaluk.com/scottish-building-firm-renews-sbd-membership/?utm_source=rss&utm_medium=rss&utm_campaign=scottish-building-firm-renews-sbd-membership Published: 2023 03 31 08:08:51 Received: 2023 03 31 08:26:38 Feed: Security Journal UK Source: Security Journal UK Category: Security Topic: Security |
Article: Police Crime Prevention Academy rural scheme - published about 1 year ago.
Content: Young farmers are being trained to help in fighting rural crime. A bespoke training course – Helping Farmers to Prevent Crime – has been developed by The National Federation of Young Farmers’ Clubs (NFYFC) and the Police Crime Prevention Academy (the Academy), in association with NFU Mutual. Inspired by an initiative started by Cumbria Federation of Y...
https://securityjournaluk.com/police-crime-prevention-academy-rural-scheme/?utm_source=rss&utm_medium=rss&utm_campaign=police-crime-prevention-academy-rural-scheme
Published: 2023 03 31 08:23:27
Received: 2023 03 31 08:26:38
Feed: Security Journal UK
Source: Security Journal UK
Category: Security
Topic: Security
Content: Young farmers are being trained to help in fighting rural crime. A bespoke training course – Helping Farmers to Prevent Crime – has been developed by The National Federation of Young Farmers’ Clubs (NFYFC) and the Police Crime Prevention Academy (the Academy), in association with NFU Mutual. Inspired by an initiative started by Cumbria Federation of Y...
https://securityjournaluk.com/police-crime-prevention-academy-rural-scheme/?utm_source=rss&utm_medium=rss&utm_campaign=police-crime-prevention-academy-rural-scheme
Published: 2023 03 31 08:23:27
Received: 2023 03 31 08:26:38
Feed: Security Journal UK
Source: Security Journal UK
Category: Security
Topic: Security
|
Article: Police Crime Prevention Academy rural scheme - published about 1 year ago. Content: Young farmers are being trained to help in fighting rural crime. A bespoke training course – Helping Farmers to Prevent Crime – has been developed by The National Federation of Young Farmers’ Clubs (NFYFC) and the Police Crime Prevention Academy (the Academy), in association with NFU Mutual. Inspired by an initiative started by Cumbria Federation of Y... https://securityjournaluk.com/police-crime-prevention-academy-rural-scheme/?utm_source=rss&utm_medium=rss&utm_campaign=police-crime-prevention-academy-rural-scheme Published: 2023 03 31 08:23:27 Received: 2023 03 31 08:26:38 Feed: Security Journal UK Source: Security Journal UK Category: Security Topic: Security |
|
Article: Bespoke Apple Watch Ultra in Anodized Blue Sold by Arizona Jeweler - published about 1 year ago.
Content:
https://www.macrumors.com/2023/03/31/bespoke-apple-watch-ultra-anodized-blue/
Published: 2023 03 31 08:18:08
Received: 2023 03 31 08:25:37
Feed: MacRumors : Mac News and Rumors
Source: MacRumors : Mac News and Rumors
Category: News
Topic: Cyber Security
Content:
https://www.macrumors.com/2023/03/31/bespoke-apple-watch-ultra-anodized-blue/
Published: 2023 03 31 08:18:08
Received: 2023 03 31 08:25:37
Feed: MacRumors : Mac News and Rumors
Source: MacRumors : Mac News and Rumors
Category: News
Topic: Cyber Security
|
Article: Bespoke Apple Watch Ultra in Anodized Blue Sold by Arizona Jeweler - published about 1 year ago. Content: https://www.macrumors.com/2023/03/31/bespoke-apple-watch-ultra-anodized-blue/ Published: 2023 03 31 08:18:08 Received: 2023 03 31 08:25:37 Feed: MacRumors : Mac News and Rumors Source: MacRumors : Mac News and Rumors Category: News Topic: Cyber Security |
|
Article: Kubernetes: open etcd - published over 5 years ago.
Content: Quick post on Kubernetes and open etcd (port 2379) "etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative." -from: https://coreos....
https://blog.carnal0wnage.com/2019/01/kubernetes-open-etcd.html
Published: 2019 01 06 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Quick post on Kubernetes and open etcd (port 2379) "etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative." -from: https://coreos....
https://blog.carnal0wnage.com/2019/01/kubernetes-open-etcd.html
Published: 2019 01 06 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Kubernetes: open etcd - published over 5 years ago. Content: Quick post on Kubernetes and open etcd (port 2379) "etcd is a distributed key-value store. In fact, etcd is the primary datastore of Kubernetes; storing and replicating all Kubernetes cluster state. As a critical component of a Kubernetes cluster having a reliable automated approach to its configuration and management is imperative." -from: https://coreos.... https://blog.carnal0wnage.com/2019/01/kubernetes-open-etcd.html Published: 2019 01 06 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Kubernetes: cAdvisor - published over 5 years ago.
Content: "cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers." runs on port 4194 Links: https://kubernetes.io/docs/tasks/debug-application-cluster/resourc...
https://blog.carnal0wnage.com/2019/01/kubernetes-cadvisor.html
Published: 2019 01 06 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: "cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers." runs on port 4194 Links: https://kubernetes.io/docs/tasks/debug-application-cluster/resourc...
https://blog.carnal0wnage.com/2019/01/kubernetes-cadvisor.html
Published: 2019 01 06 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Kubernetes: cAdvisor - published over 5 years ago. Content: "cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers." runs on port 4194 Links: https://kubernetes.io/docs/tasks/debug-application-cluster/resourc... https://blog.carnal0wnage.com/2019/01/kubernetes-cadvisor.html Published: 2019 01 06 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Kubernetes: Master Post - published over 5 years ago.
Content: I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful resources ping me here or twitter. Talks you should watch if you are interested in Kubernetes: Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman https://www.youtube.com/watch?v=v...
https://blog.carnal0wnage.com/2019/01/kubernetes-master-post.html
Published: 2019 01 07 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful resources ping me here or twitter. Talks you should watch if you are interested in Kubernetes: Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman https://www.youtube.com/watch?v=v...
https://blog.carnal0wnage.com/2019/01/kubernetes-master-post.html
Published: 2019 01 07 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Kubernetes: Master Post - published over 5 years ago. Content: I have a few Kubernetes posts queued up and will make this the master post to index and give references for the topic. If i'm missing blog posts or useful resources ping me here or twitter. Talks you should watch if you are interested in Kubernetes: Hacking and Hardening Kubernetes Clusters by Example [I] - Brad Geesaman https://www.youtube.com/watch?v=v... https://blog.carnal0wnage.com/2019/01/kubernetes-master-post.html Published: 2019 01 07 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Kubernetes: Kubelet API containerLogs endpoint - published over 5 years ago.
Content: How to get the info that kube-hunter reports for open /containerLogs endpoint Vulnerabilities +---------------+-------------+------------------+----------------------+----------------+ | LOCATION CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +---------------+-------------+------------------+----------------------+-------...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubelet-api-containerlogs.html
Published: 2019 01 11 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: How to get the info that kube-hunter reports for open /containerLogs endpoint Vulnerabilities +---------------+-------------+------------------+----------------------+----------------+ | LOCATION CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +---------------+-------------+------------------+----------------------+-------...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubelet-api-containerlogs.html
Published: 2019 01 11 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Kubernetes: Kubelet API containerLogs endpoint - published over 5 years ago. Content: How to get the info that kube-hunter reports for open /containerLogs endpoint Vulnerabilities +---------------+-------------+------------------+----------------------+----------------+ | LOCATION CATEGORY | VULNERABILITY | DESCRIPTION | EVIDENCE | +---------------+-------------+------------------+----------------------+-------... https://blog.carnal0wnage.com/2019/01/kubernetes-kubelet-api-containerlogs.html Published: 2019 01 11 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Kubernetes: Kubernetes Dashboard - published over 5 years ago.
Content: Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it. Usually found on port 30000 kube-hunter finding for it: Vulnerabilities +-----------------------+---------------+----------------------+----------------------+------------------+ | LOCATION ...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubernetes-dashboard.html
Published: 2019 01 11 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it. Usually found on port 30000 kube-hunter finding for it: Vulnerabilities +-----------------------+---------------+----------------------+----------------------+------------------+ | LOCATION ...
https://blog.carnal0wnage.com/2019/01/kubernetes-kubernetes-dashboard.html
Published: 2019 01 11 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Kubernetes: Kubernetes Dashboard - published over 5 years ago. Content: Tesla was famously hacked for leaving this open and it's pretty rare to find it exposed externally now but useful to know what it is and what you can do with it. Usually found on port 30000 kube-hunter finding for it: Vulnerabilities +-----------------------+---------------+----------------------+----------------------+------------------+ | LOCATION ... https://blog.carnal0wnage.com/2019/01/kubernetes-kubernetes-dashboard.html Published: 2019 01 11 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Kubernetes: List of ports - published over 5 years ago.
Content: Other Kubernetes ports What are some of the visible ports used in Kubernetes? 44134/tcp - Helmtiller, weave, calico 10250/tcp - kubelet (kublet exploit) No authN, completely open /pods /runningpods /containerLogs 10255/tcp - kublet port (read-only) /stats /metrics /pods 4194/tcp - cAdvisor 2379/tcp - etcd (see it on other ports though) Etcd hold...
https://blog.carnal0wnage.com/2019/01/kubernetes-list-of-ports.html
Published: 2019 01 14 21:31:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Other Kubernetes ports What are some of the visible ports used in Kubernetes? 44134/tcp - Helmtiller, weave, calico 10250/tcp - kubelet (kublet exploit) No authN, completely open /pods /runningpods /containerLogs 10255/tcp - kublet port (read-only) /stats /metrics /pods 4194/tcp - cAdvisor 2379/tcp - etcd (see it on other ports though) Etcd hold...
https://blog.carnal0wnage.com/2019/01/kubernetes-list-of-ports.html
Published: 2019 01 14 21:31:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Kubernetes: List of ports - published over 5 years ago. Content: Other Kubernetes ports What are some of the visible ports used in Kubernetes? 44134/tcp - Helmtiller, weave, calico 10250/tcp - kubelet (kublet exploit) No authN, completely open /pods /runningpods /containerLogs 10255/tcp - kublet port (read-only) /stats /metrics /pods 4194/tcp - cAdvisor 2379/tcp - etcd (see it on other ports though) Etcd hold... https://blog.carnal0wnage.com/2019/01/kubernetes-list-of-ports.html Published: 2019 01 14 21:31:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Kubernetes: unauth kublet API 10250 basic code exec - published over 5 years ago.
Content: Unauth API access (10250) Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the "insecure API service" option. Everybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the ...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250.html
Published: 2019 01 16 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Unauth API access (10250) Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the "insecure API service" option. Everybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the ...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250.html
Published: 2019 01 16 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Kubernetes: unauth kublet API 10250 basic code exec - published over 5 years ago. Content: Unauth API access (10250) Most Kubernetes deployments provide authentication for this port. But it’s still possible to expose it inadvertently and it's still pretty common to find it exposed via the "insecure API service" option. Everybody who has access to the service kubelet port (10250), even without a certificate, can execute any command inside the ... https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250.html Published: 2019 01 16 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Kubernetes: unauth kublet API 10250 token theft & kubectl - published over 5 years ago.
Content: Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec kube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods With that data, you can craft your post request to exec within a pod so we can poke around. Example request: curl -k -XPOST "https://k8-node:102...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250_16.html
Published: 2019 01 16 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec kube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods With that data, you can craft your post request to exec within a pod so we can poke around. Example request: curl -k -XPOST "https://k8-node:102...
https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250_16.html
Published: 2019 01 16 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Kubernetes: unauth kublet API 10250 token theft & kubectl - published over 5 years ago. Content: Kubernetes: unauthenticated kublet API (10250) token theft & kubectl access & exec kube-hunter output to get us started: do a curl -s https://k8-node:10250/runningpods/ to get a list of running pods With that data, you can craft your post request to exec within a pod so we can poke around. Example request: curl -k -XPOST "https://k8-node:102... https://blog.carnal0wnage.com/2019/01/kubernetes-unauth-kublet-api-10250_16.html Published: 2019 01 16 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Kubernetes: Kube-Hunter 10255 - published over 5 years ago.
Content: Below is some sample output that mainly is here to see what open 10255 will give you and look like. What probably of most interest is the /pods endpoint or the /metrics endpoint or the /stats endpoint $ ./kube-hunter.py Choose one of the options below: 1. Remote scanning (scans one or more specific IPs or DNS names) 2. Subnet sc...
https://blog.carnal0wnage.com/2019/01/kubernetes-kube-hunter-10255.html
Published: 2019 01 16 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Below is some sample output that mainly is here to see what open 10255 will give you and look like. What probably of most interest is the /pods endpoint or the /metrics endpoint or the /stats endpoint $ ./kube-hunter.py Choose one of the options below: 1. Remote scanning (scans one or more specific IPs or DNS names) 2. Subnet sc...
https://blog.carnal0wnage.com/2019/01/kubernetes-kube-hunter-10255.html
Published: 2019 01 16 14:00:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Kubernetes: Kube-Hunter 10255 - published over 5 years ago. Content: Below is some sample output that mainly is here to see what open 10255 will give you and look like. What probably of most interest is the /pods endpoint or the /metrics endpoint or the /stats endpoint $ ./kube-hunter.py Choose one of the options below: 1. Remote scanning (scans one or more specific IPs or DNS names) 2. Subnet sc... https://blog.carnal0wnage.com/2019/01/kubernetes-kube-hunter-10255.html Published: 2019 01 16 14:00:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Abusing Docker API | Socket - published over 5 years ago.
Content: Notes on abusing open Docker sockets This wont cover breaking out of docker containers Ports: usually 2375 & 2376 but can be anything Refs: https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0 https://www.slideshare.net/BorgHan/hacking-docker-the-easy-way https://blog.secureideas.com/2018/05/escaping-the-wha...
https://blog.carnal0wnage.com/2019/02/abusing-docker-api-socket.html
Published: 2019 02 01 13:32:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Notes on abusing open Docker sockets This wont cover breaking out of docker containers Ports: usually 2375 & 2376 but can be anything Refs: https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0 https://www.slideshare.net/BorgHan/hacking-docker-the-easy-way https://blog.secureideas.com/2018/05/escaping-the-wha...
https://blog.carnal0wnage.com/2019/02/abusing-docker-api-socket.html
Published: 2019 02 01 13:32:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Abusing Docker API | Socket - published over 5 years ago. Content: Notes on abusing open Docker sockets This wont cover breaking out of docker containers Ports: usually 2375 & 2376 but can be anything Refs: https://blog.sourcerer.io/a-crash-course-on-docker-learn-to-swim-with-the-big-fish-6ff25e8958b0 https://www.slideshare.net/BorgHan/hacking-docker-the-easy-way https://blog.secureideas.com/2018/05/escaping-the-wha... https://blog.carnal0wnage.com/2019/02/abusing-docker-api-socket.html Published: 2019 02 01 13:32:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Jenkins - messing with new exploits pt1 - published about 5 years ago.
Content: Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including ...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-new-exploits-pt1.html
Published: 2019 02 26 18:46:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including ...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-new-exploits-pt1.html
Published: 2019 02 26 18:46:00
Received: 2023 03 31 08:24:33
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Jenkins - messing with new exploits pt1 - published about 5 years ago. Content: Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including ... https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-new-exploits-pt1.html Published: 2019 02 26 18:46:00 Received: 2023 03 31 08:24:33 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - messing with exploits pt2 - CVE-2019-1003000 - published about 5 years ago.
Content: After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the following exploit came up while searching. What I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploi...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-exploits-pt2-cve.html
Published: 2019 02 27 20:23:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the following exploit came up while searching. What I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploi...
https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-exploits-pt2-cve.html
Published: 2019 02 27 20:23:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Jenkins - messing with exploits pt2 - CVE-2019-1003000 - published about 5 years ago. Content: After the release of Orange Tsai's exploit for Jenkins. I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post and tweet the following exploit came up while searching. What I have figured out that is important is the plug versions as it relates to these latest round of Jenkins exploi... https://blog.carnal0wnage.com/2019/02/jenkins-messing-with-exploits-pt2-cve.html Published: 2019 02 27 20:23:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins Master Post - published about 5 years ago.
Content: A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2 Using the terminal plugin to get RCE https://sharadchhetri.com/2018/12/02/managing-jenkins-plugins...
https://blog.carnal0wnage.com/2019/02/jenkins-master-post.html
Published: 2019 02 27 21:46:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2 Using the terminal plugin to get RCE https://sharadchhetri.com/2018/12/02/managing-jenkins-plugins...
https://blog.carnal0wnage.com/2019/02/jenkins-master-post.html
Published: 2019 02 27 21:46:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Jenkins Master Post - published about 5 years ago. Content: A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2 Using the terminal plugin to get RCE https://sharadchhetri.com/2018/12/02/managing-jenkins-plugins... https://blog.carnal0wnage.com/2019/02/jenkins-master-post.html Published: 2019 02 27 21:46:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Jenkins - SECURITY-200 / CVE-2015-5323 PoC - published about 5 years ago.
Content: API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials. Affected versions All Jenkins main line releases up to and including 1.63...
https://blog.carnal0wnage.com/2019/02/jenkins-security-200-cve-2015-5323-poc.html
Published: 2019 02 28 00:14:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials. Affected versions All Jenkins main line releases up to and including 1.63...
https://blog.carnal0wnage.com/2019/02/jenkins-security-200-cve-2015-5323-poc.html
Published: 2019 02 28 00:14:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Jenkins - SECURITY-200 / CVE-2015-5323 PoC - published about 5 years ago. Content: API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission to admins, this allowed admins to run scripts with another user’s credentials. Affected versions All Jenkins main line releases up to and including 1.63... https://blog.carnal0wnage.com/2019/02/jenkins-security-200-cve-2015-5323-poc.html Published: 2019 02 28 00:14:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - SECURITY-180/CVE-2015-1814 PoC - published about 5 years ago.
Content: Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 Burp output Validate new token works ...
https://blog.carnal0wnage.com/2019/02/jenkins-security-180cve-2015-1814-poc.html
Published: 2019 02 28 00:51:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 Burp output Validate new token works ...
https://blog.carnal0wnage.com/2019/02/jenkins-security-180cve-2015-1814-poc.html
Published: 2019 02 28 00:51:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Jenkins - SECURITY-180/CVE-2015-1814 PoC - published about 5 years ago. Content: Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 PoC Tested against Jenkins 1.605 Burp output Validate new token works ... https://blog.carnal0wnage.com/2019/02/jenkins-security-180cve-2015-1814-poc.html Published: 2019 02 28 00:51:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - decrypting credentials.xml - published about 5 years ago.
Content: If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You need to perform this on the the Jenkins system itself as it's using the local master.key and hudson.util.Secret Screenshot...
https://blog.carnal0wnage.com/2019/02/jenkins-decrypting-credentialsxml.html
Published: 2019 02 28 15:22:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You need to perform this on the the Jenkins system itself as it's using the local master.key and hudson.util.Secret Screenshot...
https://blog.carnal0wnage.com/2019/02/jenkins-decrypting-credentialsxml.html
Published: 2019 02 28 15:22:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Jenkins - decrypting credentials.xml - published about 5 years ago. Content: If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You need to perform this on the the Jenkins system itself as it's using the local master.key and hudson.util.Secret Screenshot... https://blog.carnal0wnage.com/2019/02/jenkins-decrypting-credentialsxml.html Published: 2019 02 28 15:22:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Jenkins - Identify IP Addresses of nodes - published about 5 years ago.
Content: While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes. You might want to know this if you read the decrypting credentials post and managed to get yourself some ssh keys for nodes but you cant actually see the node's IP in the Jenkins UI. Stackoverflow link: https://stackoverflow.com/questions/149303...
https://blog.carnal0wnage.com/2019/03/jenkins-identify-ip-addresses-of-nodes.html
Published: 2019 03 05 02:16:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes. You might want to know this if you read the decrypting credentials post and managed to get yourself some ssh keys for nodes but you cant actually see the node's IP in the Jenkins UI. Stackoverflow link: https://stackoverflow.com/questions/149303...
https://blog.carnal0wnage.com/2019/03/jenkins-identify-ip-addresses-of-nodes.html
Published: 2019 03 05 02:16:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Jenkins - Identify IP Addresses of nodes - published about 5 years ago. Content: While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes. You might want to know this if you read the decrypting credentials post and managed to get yourself some ssh keys for nodes but you cant actually see the node's IP in the Jenkins UI. Stackoverflow link: https://stackoverflow.com/questions/149303... https://blog.carnal0wnage.com/2019/03/jenkins-identify-ip-addresses-of-nodes.html Published: 2019 03 05 02:16:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - messing with exploits pt3 - CVE-2019-1003000 - published about 5 years ago.
Content: References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln versions: Jenkins < 2.137 (preauth) Pipeline: Declarative Plugin up to and including 1.3.4 Pipeline: Groovy Plugin up to and including 2.61 Script Secur...
https://blog.carnal0wnage.com/2019/03/jenkins-messing-with-exploits-pt3-cve.html
Published: 2019 03 05 03:26:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln versions: Jenkins < 2.137 (preauth) Pipeline: Declarative Plugin up to and including 1.3.4 Pipeline: Groovy Plugin up to and including 2.61 Script Secur...
https://blog.carnal0wnage.com/2019/03/jenkins-messing-with-exploits-pt3-cve.html
Published: 2019 03 05 03:26:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Jenkins - messing with exploits pt3 - CVE-2019-1003000 - published about 5 years ago. Content: References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html This post covers the Orange Tsai Jenkins pre-auth exploit Vuln versions: Jenkins < 2.137 (preauth) Pipeline: Declarative Plugin up to and including 1.3.4 Pipeline: Groovy Plugin up to and including 2.61 Script Secur... https://blog.carnal0wnage.com/2019/03/jenkins-messing-with-exploits-pt3-cve.html Published: 2019 03 05 03:26:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Jenkins - CVE-2018-1000600 PoC - published about 5 years ago.
Content: second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915 This affects the GitHub plugin that is installed by default. However, I learned that when you spin up a new j...
https://blog.carnal0wnage.com/2019/03/jenkins-cve-2018-1000600-poc.html
Published: 2019 03 05 19:01:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915 This affects the GitHub plugin that is installed by default. However, I learned that when you spin up a new j...
https://blog.carnal0wnage.com/2019/03/jenkins-cve-2018-1000600-poc.html
Published: 2019 03 05 19:01:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Jenkins - CVE-2018-1000600 PoC - published about 5 years ago. Content: second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CVE-2018-1000600 to a Pre-auth Fully-responded SSRF https://jenkins.io/security/advisory/2018-06-25/#SECURITY-915 This affects the GitHub plugin that is installed by default. However, I learned that when you spin up a new j... https://blog.carnal0wnage.com/2019/03/jenkins-cve-2018-1000600-poc.html Published: 2019 03 05 19:01:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: Minecraft Mod, Mother's Day, and A Hacker Dad - published about 5 years ago.
Content: Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate. When I asked my son what he wanted to do, he responded with a new Minecraft mod he'd seen on one of these ...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-mothers-day-and-hacker-dad.html
Published: 2019 05 13 15:59:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate. When I asked my son what he wanted to do, he responded with a new Minecraft mod he'd seen on one of these ...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-mothers-day-and-hacker-dad.html
Published: 2019 05 13 15:59:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Minecraft Mod, Mother's Day, and A Hacker Dad - published about 5 years ago. Content: Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day weekend - less than ideal situation - I needed to keep my son as occupied as possible so she could rest and recuperate. When I asked my son what he wanted to do, he responded with a new Minecraft mod he'd seen on one of these ... https://blog.carnal0wnage.com/2019/05/minecraft-mod-mothers-day-and-hacker-dad.html Published: 2019 05 13 15:59:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Minecraft Mod, Follow up, and Java Reflection - published about 5 years ago.
Content: After yesterday's post, I received a ton of interesting and creative responses regarding how to get around the mod's restrictions which is what I love about our community. Mubix was the first person to reach out and suggest hijacking calls to Pastebin using /etc/hosts (which I did try but was having some wonky behavior with OSX) and there were other suggesti...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-follow-up-and-java.html
Published: 2019 05 14 19:17:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: After yesterday's post, I received a ton of interesting and creative responses regarding how to get around the mod's restrictions which is what I love about our community. Mubix was the first person to reach out and suggest hijacking calls to Pastebin using /etc/hosts (which I did try but was having some wonky behavior with OSX) and there were other suggesti...
https://blog.carnal0wnage.com/2019/05/minecraft-mod-follow-up-and-java.html
Published: 2019 05 14 19:17:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Minecraft Mod, Follow up, and Java Reflection - published about 5 years ago. Content: After yesterday's post, I received a ton of interesting and creative responses regarding how to get around the mod's restrictions which is what I love about our community. Mubix was the first person to reach out and suggest hijacking calls to Pastebin using /etc/hosts (which I did try but was having some wonky behavior with OSX) and there were other suggesti... https://blog.carnal0wnage.com/2019/05/minecraft-mod-follow-up-and-java.html Published: 2019 05 14 19:17:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Devoops: Nomad with raw_exec enabled - published over 4 years ago.
Content: "Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, and generally offers the following benefits to developers and operators......
https://blog.carnal0wnage.com/2019/12/devoops-nomad-with-rawexec-enabled.html
Published: 2019 12 16 16:43:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: "Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, and generally offers the following benefits to developers and operators......
https://blog.carnal0wnage.com/2019/12/devoops-nomad-with-rawexec-enabled.html
Published: 2019 12 16 16:43:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: Devoops: Nomad with raw_exec enabled - published over 4 years ago. Content: "Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy application using a single, unified workflow. Nomad can run a diverse workload of Docker, non-containerized, microservice, and batch applications, and generally offers the following benefits to developers and operators...... https://blog.carnal0wnage.com/2019/12/devoops-nomad-with-rawexec-enabled.html Published: 2019 12 16 16:43:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
Article: What is your GCP infra worth?...about ~$700 [Bugbounty] - published about 4 years ago.
Content: BugBounty story #bugbountytips A fixed but they didn't pay the bugbounty story... Timeline: reported 21 Oct 2019 validated at Critical 23 Oct 2019 validated as fixed 30 Oct 2019 Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019 Information provided for payment 16 Nov 2019 13 March 2020 - Never paid - blog post posted 19 March 2020 - received...
https://blog.carnal0wnage.com/2020/03/what-is-your-gcp-infra-worthabout-700.html
Published: 2020 03 14 02:10:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: BugBounty story #bugbountytips A fixed but they didn't pay the bugbounty story... Timeline: reported 21 Oct 2019 validated at Critical 23 Oct 2019 validated as fixed 30 Oct 2019 Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019 Information provided for payment 16 Nov 2019 13 March 2020 - Never paid - blog post posted 19 March 2020 - received...
https://blog.carnal0wnage.com/2020/03/what-is-your-gcp-infra-worthabout-700.html
Published: 2020 03 14 02:10:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: What is your GCP infra worth?...about ~$700 [Bugbounty] - published about 4 years ago. Content: BugBounty story #bugbountytips A fixed but they didn't pay the bugbounty story... Timeline: reported 21 Oct 2019 validated at Critical 23 Oct 2019 validated as fixed 30 Oct 2019 Bounty amount stated (IDR 10.000.000 = ~700 USD) 12 Nov 2019 Information provided for payment 16 Nov 2019 13 March 2020 - Never paid - blog post posted 19 March 2020 - received... https://blog.carnal0wnage.com/2020/03/what-is-your-gcp-infra-worthabout-700.html Published: 2020 03 14 02:10:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ - published about 4 years ago.
Content: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true...
https://blog.carnal0wnage.com/2020/04/the-duality-of-attackers-or-why-bad.html
Published: 2020 04 27 16:36:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Content: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true...
https://blog.carnal0wnage.com/2020/04/the-duality-of-attackers-or-why-bad.html
Published: 2020 04 27 16:36:00
Received: 2023 03 31 08:24:32
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
|
Article: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ - published about 4 years ago. Content: The Duality of Attackers - Or Why Bad Guys are a Good Thing™ It’s no secret I've been on a spiritual journey the last few years. I tell most people it’s fundamentally changed my life and how I look at the world. I’m also a hacker and I’m constantly thinking about how to apply metaphysical or spiritual concepts into my daily life. Because if they are true... https://blog.carnal0wnage.com/2020/04/the-duality-of-attackers-or-why-bad.html Published: 2020 04 27 16:36:00 Received: 2023 03 31 08:24:32 Feed: Carnal0wnage and Attack Research Blog Source: Carnal0wnage and Attack Research Blog Category: News Topic: Hacking |
|
Article: Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire - published about 1 year ago.
Content:
https://go.theregister.com/feed/www.theregister.com/2023/03/31/winter_vivern_european_goverments/
Published: 2023 03 31 07:30:08
Received: 2023 03 31 07:44:08
Feed: The Register - Security
Source: The Register - Security
Category: Cyber Security
Topic: Cyber Security
Content:
https://go.theregister.com/feed/www.theregister.com/2023/03/31/winter_vivern_european_goverments/
Published: 2023 03 31 07:30:08
Received: 2023 03 31 07:44:08
Feed: The Register - Security
Source: The Register - Security
Category: Cyber Security
Topic: Cyber Security
|
Article: Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire - published about 1 year ago. Content: https://go.theregister.com/feed/www.theregister.com/2023/03/31/winter_vivern_european_goverments/ Published: 2023 03 31 07:30:08 Received: 2023 03 31 07:44:08 Feed: The Register - Security Source: The Register - Security Category: Cyber Security Topic: Cyber Security |
Article: Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife - published about 1 year ago.
Content: submitted by /u/EspoJ [link] [comments]
https://www.reddit.com/r/netsec/comments/126oduw/dissecting_alienfox_the_cloud_spammers_swiss_army/
Published: 2023 03 30 14:13:50
Received: 2023 03 31 07:43:57
Feed: /r/netsec - Information Security News and Discussion
Source: /r/netsec - Information Security News and Discussion
Category: Cyber Security
Topic: Cyber Security
Content: submitted by /u/EspoJ [link] [comments]
https://www.reddit.com/r/netsec/comments/126oduw/dissecting_alienfox_the_cloud_spammers_swiss_army/
Published: 2023 03 30 14:13:50
Received: 2023 03 31 07:43:57
Feed: /r/netsec - Information Security News and Discussion
Source: /r/netsec - Information Security News and Discussion
Category: Cyber Security
Topic: Cyber Security
|
Article: Dissecting AlienFox | The Cloud Spammer’s Swiss Army Knife - published about 1 year ago. Content: submitted by /u/EspoJ [link] [comments] https://www.reddit.com/r/netsec/comments/126oduw/dissecting_alienfox_the_cloud_spammers_swiss_army/ Published: 2023 03 30 14:13:50 Received: 2023 03 31 07:43:57 Feed: /r/netsec - Information Security News and Discussion Source: /r/netsec - Information Security News and Discussion Category: Cyber Security Topic: Cyber Security |
|
Article: The Risk and Reward of ChatGPT in Cybersecurity - published about 1 year ago.
Content:
https://www.silicon.co.uk/expert-advice/the-risk-and-reward-of-chatgpt-in-cybersecurity
Published: 2023 03 30 14:03:45
Received: 2023 03 31 07:43:34
Feed: Silicon UK – Security
Source: Silicon UK
Category: News
Topic: Cyber Security
Content:
https://www.silicon.co.uk/expert-advice/the-risk-and-reward-of-chatgpt-in-cybersecurity
Published: 2023 03 30 14:03:45
Received: 2023 03 31 07:43:34
Feed: Silicon UK – Security
Source: Silicon UK
Category: News
Topic: Cyber Security
|
Article: The Risk and Reward of ChatGPT in Cybersecurity - published about 1 year ago. Content: https://www.silicon.co.uk/expert-advice/the-risk-and-reward-of-chatgpt-in-cybersecurity Published: 2023 03 30 14:03:45 Received: 2023 03 31 07:43:34 Feed: Silicon UK – Security Source: Silicon UK Category: News Topic: Cyber Security |
|
Article: Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire - published about 1 year ago.
Content:
https://go.theregister.com/feed/www.theregister.com/2023/03/31/winter_vivern_european_goverments/
Published: 2023 03 31 07:30:08
Received: 2023 03 31 07:42:50
Feed: The Register - Security
Source: The Register
Category: News
Topic: Cyber Security
Content:
https://go.theregister.com/feed/www.theregister.com/2023/03/31/winter_vivern_european_goverments/
Published: 2023 03 31 07:30:08
Received: 2023 03 31 07:42:50
Feed: The Register - Security
Source: The Register
Category: News
Topic: Cyber Security
|
Article: Pro-Russia cyber gang Winter Vivern puts US, Euro lawmakers in line of fire - published about 1 year ago. Content: https://go.theregister.com/feed/www.theregister.com/2023/03/31/winter_vivern_european_goverments/ Published: 2023 03 31 07:30:08 Received: 2023 03 31 07:42:50 Feed: The Register - Security Source: The Register Category: News Topic: Cyber Security |
Article: Staying Safe in Our New AI World: How Organisations Can Protect Themselves - published about 1 year ago.
Content:
https://www.silicon.co.uk/expert-advice/staying-safe-in-our-new-ai-world-how-organisations-can-protect-themselves
Published: 2023 03 30 14:44:51
Received: 2023 03 31 07:23:32
Feed: Silicon UK – Security
Source: Silicon UK
Category: News
Topic: Cyber Security
Content:
https://www.silicon.co.uk/expert-advice/staying-safe-in-our-new-ai-world-how-organisations-can-protect-themselves
Published: 2023 03 30 14:44:51
Received: 2023 03 31 07:23:32
Feed: Silicon UK – Security
Source: Silicon UK
Category: News
Topic: Cyber Security
|
Article: Staying Safe in Our New AI World: How Organisations Can Protect Themselves - published about 1 year ago. Content: https://www.silicon.co.uk/expert-advice/staying-safe-in-our-new-ai-world-how-organisations-can-protect-themselves Published: 2023 03 30 14:44:51 Received: 2023 03 31 07:23:32 Feed: Silicon UK – Security Source: Silicon UK Category: News Topic: Cyber Security |
|
Article: iPhone 15 Pro Solid-State Button Sensitivity Can Be Customized to Cater for Cases and Gloves - published about 1 year ago.
Content:
https://www.macrumors.com/2023/03/31/iphone-15-pro-solid-state-button-sensitivity/
Published: 2023 03 31 06:36:02
Received: 2023 03 31 06:46:20
Feed: MacRumors : Mac News and Rumors
Source: MacRumors : Mac News and Rumors
Category: News
Topic: Cyber Security
Content:
https://www.macrumors.com/2023/03/31/iphone-15-pro-solid-state-button-sensitivity/
Published: 2023 03 31 06:36:02
Received: 2023 03 31 06:46:20
Feed: MacRumors : Mac News and Rumors
Source: MacRumors : Mac News and Rumors
Category: News
Topic: Cyber Security
|
Article: iPhone 15 Pro Solid-State Button Sensitivity Can Be Customized to Cater for Cases and Gloves - published about 1 year ago. Content: https://www.macrumors.com/2023/03/31/iphone-15-pro-solid-state-button-sensitivity/ Published: 2023 03 31 06:36:02 Received: 2023 03 31 06:46:20 Feed: MacRumors : Mac News and Rumors Source: MacRumors : Mac News and Rumors Category: News Topic: Cyber Security |
|
Article: Apple's iOS 16.4: Security Updates Are Better Than a Goose Emoji - published about 1 year ago.
Content:
https://www.wired.com/story/ios-16-4-outlook-android-critical-update-march-2023/
Published: 2023 03 31 06:00:00
Received: 2023 03 31 06:03:06
Feed: Wired.com – Security Feed
Source: Wired
Category: News
Topic: Cyber Security
Content:
https://www.wired.com/story/ios-16-4-outlook-android-critical-update-march-2023/
Published: 2023 03 31 06:00:00
Received: 2023 03 31 06:03:06
Feed: Wired.com – Security Feed
Source: Wired
Category: News
Topic: Cyber Security
|
Article: Apple's iOS 16.4: Security Updates Are Better Than a Goose Emoji - published about 1 year ago. Content: https://www.wired.com/story/ios-16-4-outlook-android-critical-update-march-2023/ Published: 2023 03 31 06:00:00 Received: 2023 03 31 06:03:06 Feed: Wired.com – Security Feed Source: Wired Category: News Topic: Cyber Security |
Article: Sundry Files - 274,461 breached accounts - published about 1 year ago.
Content:
https://haveibeenpwned.com/PwnedWebsites#SundryFiles
Published: 2023 03 31 04:51:11
Received: 2023 03 31 05:46:26
Feed: Have I Been Pwned latest breaches
Source: Have I Been Pwned
Category: Data Breaches
Topic: Data Breaches
Content:
https://haveibeenpwned.com/PwnedWebsites#SundryFiles
Published: 2023 03 31 04:51:11
Received: 2023 03 31 05:46:26
Feed: Have I Been Pwned latest breaches
Source: Have I Been Pwned
Category: Data Breaches
Topic: Data Breaches
|
Article: Sundry Files - 274,461 breached accounts - published about 1 year ago. Content: https://haveibeenpwned.com/PwnedWebsites#SundryFiles Published: 2023 03 31 04:51:11 Received: 2023 03 31 05:46:26 Feed: Have I Been Pwned latest breaches Source: Have I Been Pwned Category: Data Breaches Topic: Data Breaches |
|
Article: Overcoming obstacles to introduce zero-trust security in established systems - published about 1 year ago.
Content:
https://www.helpnetsecurity.com/2023/03/31/michal-cizek-goodaccess-introduce-zero-trust-security/
Published: 2023 03 31 05:00:00
Received: 2023 03 31 05:42:34
Feed: Help Net Security - News
Source: Help Net Security - News
Category: Cyber Security
Topic: Cyber Security
Content:
https://www.helpnetsecurity.com/2023/03/31/michal-cizek-goodaccess-introduce-zero-trust-security/
Published: 2023 03 31 05:00:00
Received: 2023 03 31 05:42:34
Feed: Help Net Security - News
Source: Help Net Security - News
Category: Cyber Security
Topic: Cyber Security
|
Article: Overcoming obstacles to introduce zero-trust security in established systems - published about 1 year ago. Content: https://www.helpnetsecurity.com/2023/03/31/michal-cizek-goodaccess-introduce-zero-trust-security/ Published: 2023 03 31 05:00:00 Received: 2023 03 31 05:42:34 Feed: Help Net Security - News Source: Help Net Security - News Category: Cyber Security Topic: Cyber Security |
|
Article: New infosec products of the week: March 31, 2023 - published about 1 year ago.
Content:
https://www.helpnetsecurity.com/2023/03/31/new-infosec-products-of-the-week-march-31-2023/
Published: 2023 03 31 05:03:42
Received: 2023 03 31 05:42:34
Feed: Help Net Security - News
Source: Help Net Security - News
Category: Cyber Security
Topic: Cyber Security
Content:
https://www.helpnetsecurity.com/2023/03/31/new-infosec-products-of-the-week-march-31-2023/
Published: 2023 03 31 05:03:42
Received: 2023 03 31 05:42:34
Feed: Help Net Security - News
Source: Help Net Security - News
Category: Cyber Security
Topic: Cyber Security
|
Article: New infosec products of the week: March 31, 2023 - published about 1 year ago. Content: https://www.helpnetsecurity.com/2023/03/31/new-infosec-products-of-the-week-march-31-2023/ Published: 2023 03 31 05:03:42 Received: 2023 03 31 05:42:34 Feed: Help Net Security - News Source: Help Net Security - News Category: Cyber Security Topic: Cyber Security |
Article: CVE-2023-28883 (cerebrate) - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28883
Published: 2023 03 27 03:15:07
Received: 2023 03 31 05:16:40
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28883
Published: 2023 03 27 03:15:07
Received: 2023 03 31 05:16:40
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-28883 (cerebrate) - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28883 Published: 2023 03 27 03:15:07 Received: 2023 03 31 05:16:40 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
|
Article: CVE-2023-28756 - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28756
Published: 2023 03 31 04:15:09
Received: 2023 03 31 05:16:39
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28756
Published: 2023 03 31 04:15:09
Received: 2023 03 31 05:16:39
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-28756 - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28756 Published: 2023 03 31 04:15:09 Received: 2023 03 31 05:16:39 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
|
Article: CVE-2023-28755 - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28755
Published: 2023 03 31 04:15:09
Received: 2023 03 31 05:16:39
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28755
Published: 2023 03 31 04:15:09
Received: 2023 03 31 05:16:39
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-28755 - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28755 Published: 2023 03 31 04:15:09 Received: 2023 03 31 05:16:39 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2023-27096 (hippo4j) - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27096
Published: 2023 03 27 14:15:08
Received: 2023 03 31 05:16:31
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27096
Published: 2023 03 27 14:15:08
Received: 2023 03 31 05:16:31
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-27096 (hippo4j) - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27096 Published: 2023 03 27 14:15:08 Received: 2023 03 31 05:16:31 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
|
Article: CVE-2023-26959 (park_ticketing_management_system) - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26959
Published: 2023 03 27 14:15:07
Received: 2023 03 31 05:16:30
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26959
Published: 2023 03 27 14:15:07
Received: 2023 03 31 05:16:30
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-26959 (park_ticketing_management_system) - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26959 Published: 2023 03 27 14:15:07 Received: 2023 03 31 05:16:30 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
|
Article: CVE-2023-24094 (routeros) - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24094
Published: 2023 03 27 14:15:07
Received: 2023 03 31 05:16:16
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24094
Published: 2023 03 27 14:15:07
Received: 2023 03 31 05:16:16
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-24094 (routeros) - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24094 Published: 2023 03 27 14:15:07 Received: 2023 03 31 05:16:16 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2023-22902 (mail2000) - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22902
Published: 2023 03 27 04:15:09
Received: 2023 03 31 05:16:15
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22902
Published: 2023 03 27 04:15:09
Received: 2023 03 31 05:16:15
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-22902 (mail2000) - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-22902 Published: 2023 03 27 04:15:09 Received: 2023 03 31 05:16:15 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
|
Article: CVE-2023-1762 - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1762
Published: 2023 03 31 02:15:06
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1762
Published: 2023 03 31 02:15:06
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-1762 - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1762 Published: 2023 03 31 02:15:06 Received: 2023 03 31 05:16:13 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
|
Article: CVE-2023-1761 - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1761
Published: 2023 03 31 02:15:06
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1761
Published: 2023 03 31 02:15:06
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-1761 - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1761 Published: 2023 03 31 02:15:06 Received: 2023 03 31 05:16:13 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
Article: CVE-2023-1760 - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1760
Published: 2023 03 31 02:15:06
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1760
Published: 2023 03 31 02:15:06
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-1760 - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1760 Published: 2023 03 31 02:15:06 Received: 2023 03 31 05:16:13 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
|
Article: CVE-2023-1759 - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1759
Published: 2023 03 31 02:15:06
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1759
Published: 2023 03 31 02:15:06
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-1759 - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1759 Published: 2023 03 31 02:15:06 Received: 2023 03 31 05:16:13 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
|
Article: CVE-2023-1755 - published about 1 year ago.
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1755
Published: 2023 03 31 01:15:09
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
Content:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1755
Published: 2023 03 31 01:15:09
Received: 2023 03 31 05:16:13
Feed: National Vulnerability Database
Source: National Vulnerability Database
Category: Alerts
Topic: Vulnerabilities
|
Article: CVE-2023-1755 - published about 1 year ago. Content: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1755 Published: 2023 03 31 01:15:09 Received: 2023 03 31 05:16:13 Feed: National Vulnerability Database Source: National Vulnerability Database Category: Alerts Topic: Vulnerabilities |
All Articles
Ordered by Date Received
: Year: "2023"
Month: "03"
Day: "31"
Page:
<<
<
8 (of 9)
>
>>
Total Articles in this collection: 455
- "All Articles" links back to the front page, effectivly the Planet "Home Page"; shows all articles, with no selections, or groupings.
- Default date ordering is by "Received Date" (due to not all RSS feeds having a "Published Date").
- Only Published Date selections use the articles Published Date.
- The first page always shows fifty items plus from zero to up to a remaining forty-nine items, before they are commited permently to the next page.
- All subsequent pages show fifty items.
- Pagination is in reverse ordering (so that pages are permamenent links, aka "permalinks", to their content).
- "<<" moves you to the first page (aka newest articles)
- ">>" moves you to the last page (aka oldest articles)
- "<" moves you to the previous page (aka newer articles)
- ">" moves you to the next page (aka older articles)
- Return to the top of this page Go Now
