I'm happy to publish a blog post regarding some Red Team tradecraft around Slack Impersonation that I've been working on. Please see https://t.co/bF41YEiQyr for more info.
Big thanks @TTimzen @r00tkillah @dejandayoff for their help.
This was a fun one to find, Arbitrary File Read via Symbolic links in @cncfartifacthub https://t.co/YnQWaRDFuc Also found SSRF via Rego Policy (https://t.co/HRxeqIzLWu) and Docker Credential Hijacking (https://t.co/Uqu76KNsfa)
I'm not good at bragging, but I'm proud of this. I discovered an authentication bypass vulnerability which leads to compromise of a K8s Cluster. I flexed some new muscles and learned to reverse a Go binary. https://t.co/l6q7D2BeDW Kudos to @SUSE and @NeuVector for the quick fix!
In case you want a more traditional prompt for your @kalilinux terminal screenshots, pressing Ctrl+P switches it instantly 😌👌
You can permanently configure it and much more with the new kali-tweaks command
A few quick posts for the "Beyond the good ol' LaunchAgents" series.
Ideas from @0xdade, @bradleyjkemp and @dejandayoff
Part 6: SSHRC - https://t.co/xzlWq44LK9
Part 7: xbar - https://t.co/d3fIsmOqk3
Part 8: Hammerspoon - https://t.co/dOSwnsXcTE
@dougducey @AZDHS I was able to schedule an appt for a family member who is 65+ on 2/27. There were several appts available but I had to keep clicking search multiple times for it to pop up.
AWAE content developer @dejandayoff discovered and reported an authentication bypass vulnerability in Wekan. Check out the walkthrough: https://t.co/GJYzWk7kxk