I watched a good DEF CON video on abusing public AWS Snapshots https://www.youtube.com/watch?v=-LGR63yCTts I, of course, wanted to check thi...

The Duality of Attackers - Or Why Bad Guys are a Good Thing™ It’s no secret I've been on a spiritual journey the last few years. I ...

BugBounty story #bugbountytips A fixed but they didn't pay the bugbounty story... Timeline: reported 21 Oct 2019 validated at Cr...

"Nomad is a flexible container orchestration tool that enables an organization to easily deploy and manage any containerized or legacy...

After yesterday's post , I received a ton of interesting and creative responses regarding how to get around the mod's restrictions w...

Over the weekend my wife was feeling under the weather. This meant we were stuck indoors and since she is sick and it's Mother's day...

second exploit from the blog post https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Chained with CV...

References: https://www.exploit-db.com/exploits/46453 http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html...

While doing some research I found several posts on stackoverflow asking how to identify the IP address of nodes.  You might want to know thi...

If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way...