Rakkess – Kubectl Plugin To Show An Access Matrix For K8S Server Resources
KitPloit - PenTest Tools! -- Review Access - kubectl plugin to show an access matrix for server resources. Intro: Have you ever wondered what access rights you have on a provided Kubernetes cluster? For single resources you can use kubectl auth can-i list deployments, but maybe you are looking for a complete overview? This is what rakkess is …
Exploiting Sudo Rights| HTB TraceBack User
InfoSec Write-ups - Medium -- Horizontal privilege escalation from webadmin to sysadmin
Cybercriminals Are Using Legit Cloud Monitoring Tools As Backdoor
The Hacker News -- A cybercrime group that has previously struck Docker and Kubernetes cloud environments has evolved to repurpose genuine cloud monitoring tools as a backdoor to carry out malicious attacks, according to new research. "To our knowledge, this is the first time attackers have been caught using legitimate third party software to target cloud …
Introducing the WiFi Pineapple Mark VII
Browsertunnel – Surreptitiously Exfiltrate Data From The Browser Over DNS
KitPloit - PenTest Tools! -- Browsertunnel is a tool for exfiltrating data from the browser using the DNS protocol. It achieves this by abusing dns-prefetch, a feature intended to reduce the perceived latency of websites by doing DNS lookups in the background for specified domains. DNS traffic does not appear in the browser's debugging tools, is …
Microsoft Releases September 2020 Security Patches For 129 Flaws
The Hacker News -- As part of this month's Patch Tuesday, Microsoft today released a fresh batch of security updates to fix a total of 129 newly discovered security vulnerabilities affecting various versions of its Windows operating systems and related software. Of the 129 bugs spanning its various products — Microsoft Windows, Edge browser, Internet Explorer, …
TryHackMe Mr. Robot Machine.
InfoSec Write-ups - Medium -- Retrieved from tryhackme.com. To hit the ground running on exploiting the Mr. Robot machine we need some information on the target, so let’s run some basic scans which will reveal potential attack vectors. I usually start with a couple of Nmap scans:
nmap -sC -sV -O <ip-address> -oN basic_scan.nmap
nmap --script=vuln <ip-address> -oN vuln_scan.nmap
The following screenshot …
Account Takeover via CSRF
InfoSec Write-ups - Medium -- This is my first blog so ignore if I make any mistakes. Hi all. I found a responsible disclosure program through a Google dork which was insecure against CSRF attacks: no CSRF token existed while updating the record. For the individuals who don’t know about CSRF, it is a web application attack where …
Google Removed Six Apps Containing Joker Malware From Play Store
Latest Hacking News -- Researchers discovered numerous malicious apps on the Play Store that contained Joker malware. Google removed the apps following this discovery.
Critical Vulnerability Found In Cisco Jabber For Windows
Latest Hacking News -- Cisco has patched a critical vulnerability in Jabber for Windows desktop collaboration app. Exploiting the flaw could allow remote code …





