metatrapd - Metadata and honeypots

Using a honeypot/honeyservice/honeytoken is one of the simplest and most impactful security actions one can take. Thinkst Canary has proven this over a number of years and continues to lead the field. Taking inspiration from what Thinkst has done and combining this with their idea of “honey tokens” for cloud services, I wrote metatrapd a couple of years back. Finally, I’m making this public; maybe it will be useful to someone....

January 4, 2024 · 3 min · 516 words · Etienne Stalmans

Universal RCE with Ruby YAML.load (versions > 2.7)

A couple of years ago I wrote a universal YAML.load deserialization RCE gadget based on the work by Luke Jahnke from elttam. This has since been patched and no longer works on Ruby versions after 2.7.2 and Rails 6.1. Fortunately, William Bowling (vakzz) has found a new gadget chain that works on all Ruby versions 2.x - 3.x. His write-up for this is excellent and I highly recommend you give it a read: https://devcraft....

January 9, 2021 · 3 min · 606 words · Etienne Stalmans

CVE-2020-25695 Privilege Escalation in Postgresql (Spanish)

This year has been crazy; I hope you are all well and that the rest of the year goes better. This is my first and probably only post of the year (and the first in Spanish). I am going to talk about a vulnerability I found in Postgresql that affects all versions since 9.5, and probably earlier versions as well. The vulnerability is similar to a “time-of-check to time-of-use (TOCTOU)” issue, which can also be described as a failure to reset state before exiting a restricted operation....

December 15, 2020 · 13 min · 2690 words · Etienne Stalmans

CVE-2020-25695 Privilege Escalation in Postgresql

It has been quite a year, I hope everyone is well and staying safe. This is my first and probably only post for the year, and covers a fun privilege escalation vulnerability I found in Postgresql. This affects all supported versions of Postgresql going back to 9.5; it is likely that it affects most earlier versions as well. The vulnerability is similar to a time-of-check to time-of-use (TOCTOU) issue; however, in this case it relates to state not being fully cleared/reset before exiting a security restricted operation....

December 15, 2020 · 13 min · 2637 words · Etienne Stalmans

CVE-2019-13139 - Docker build code execution

Earlier in the year, while doing some research for my talk at Troopers 2019, in which I examined build systems and how git can cause security issues, I found a git-related vulnerability in Docker. This vulnerability has since been assigned CVE-2019-13139 and was patched in the Docker engine update 18.09.4. The issue is a relatively straightforward command injection; however, what possibly makes it a little more interesting is that it occurs in a Go code base....

July 16, 2019 · 8 min · 1662 words · Etienne Stalmans