/series/security/ Recent content in security on Georg Pauer Hugo -- gohugo.io en-us Mon, 13 Jan 2025 00:00:00 +0000 /posts/outdated-infrastructure-references/ Mon, 13 Jan 2025 00:00:00 +0000 /posts/outdated-infrastructure-references/ While a lot of internet infrastructure is build on HTTP, things change occasional even a 301 leads to an 404. If there is at least some DNS entry and a server answering. A few NXDOMAIN later this led me to the rabbit hole of systematic approaches about abandoned infrastructure. While domain sniping is so common there is even a Wikipedia entry and is (as far as I observed) often used to farm the traffic for advertisements. /posts/k8s-security-learning2/ Fri, 26 Jul 2024 00:00:00 +0000 /posts/k8s-security-learning2/ More resources to have fun with kubernetes from a security point of view and for learning: challenges If you had fun with the Damn Vulnerable Web Application (DVWA), there is something equivalent for Kubernetes from Madhu Akula: Kubernetes Goat. You can also deploy your own playground. K8S lan party seems also quite promising. (from Wiz) tooling offensive Peirates is a bit alike a (still lightweight) Metasploit (payload) for k8s. One “batteries included” binary. /posts/ssh-usage-hints/ Sun, 10 Mar 2024 00:00:00 +0000 /posts/ssh-usage-hints/ After some ssh -fNT -L 6443:10.0.6.2:6443 bastion & again, it is probably time to refer to some SSH hints. Yes, everything is referenced in the man ssh page. But sometimes I am lazy, too. (And for now I blissfully ignore, that there are multiple ssh implementations and focus just on the using ssh part) ProxyJump is probably my most used ssh config for ssh (just after User and having a nice alias). /posts/tls-notes/ Sat, 09 Mar 2024 00:00:00 +0000 /posts/tls-notes/ Sometimes you need to debug a generated TLS certificate. I always forget CLI arguments, thus as a reminder for myself: Let’s create a dummy RSA certificate for testing with openssl, quick and dirty openssl genpkey -algorithm RSA -out privatekey.pem -pkeyopt rsa_keygen_bits:4096 create an RSA based key openssl req -new -key privatekey.pem -out certrequest.csr interactive generate the cert request. You can review it later with openssl req -text -noout -in certrequest.csr. /posts/embedded-bare-git-repositories/ Sun, 29 Oct 2023 00:00:00 +0000 /posts/embedded-bare-git-repositories/ Have you ever wondered, why your IDE asks you, if you “trust” the code you checked out via git? While the risks of embedded bare repositories is well described (more details here), I suspect that it will stay exploitable for quite some time. There is an opt-in mitigation in setting safe.bareRepository to explicit with git 2.38.0. Also a proof of concept is available. Just don’t forget the even more obvious risk with . /posts/thread-modeling-101-german/ Thu, 10 Aug 2023 00:00:00 +0000 /posts/thread-modeling-101-german/ I really like the Threat Modeling 101 – Wie fange ich eigentlich an? blogpost from Kevin Peters at CodeCentric for a nice, still high level overview: following the OWASP thread modeling four question framework: What are we working on? What can go wrong? What are we going to do about it? Did we do a good job? OWASP Threat Dragon as modelling tool including data flow, data transforming processes and external services with the different focus asset orientated - what do we even want to protect? /posts/gpn21/ Thu, 15 Jun 2023 00:00:00 +0000 /posts/gpn21/ recordings from GPN21 are online. (Already enjoyed From 0 to Kubernetes, Modern Observability .. LGTM Stack, buffer overflow, Seitenkanalanalyse der SHAKE-Funktion in CRYSTALS-Dilithium, mit Mathematik API übernehmen - more to follow 😀 ) O-Auth intro /posts/crypto-near-miss/ Tue, 16 May 2023 00:00:00 +0000 /posts/crypto-near-miss/ A write up/post-mortem: “A Cryptographic Near Miss” about a vulnerability in Go crypto/elliptic /posts/ebpf-intro/ Mon, 17 Apr 2023 00:00:00 +0000 /posts/ebpf-intro/ In order to get on track with eBPF maybe check out the book by Liz Rice. /posts/k8s-security-learning/ Fri, 04 Nov 2022 00:00:00 +0000 /posts/k8s-security-learning/ on hackingkubernetes you can get the first half of the ORlly book “Hacking Kubernetes”, so the pod & runtime specific part, as well as supply chain related: controlplaneio/simulator - simulator setup for creating environments, where you can try attacking and debugging k8s (a bit AWS specific) /posts/yubikey/ Mon, 19 Sep 2022 00:00:00 +0000 /posts/yubikey/ hints for ssh & yubikey /posts/selinuxgame/ Wed, 27 Apr 2022 00:00:00 +0000 /posts/selinuxgame/ SELinuxGame might be worth some time (e.g. CTF preparation) /posts/evil-compiler/ Tue, 19 Apr 2022 00:00:00 +0000 /posts/evil-compiler/ In 1984 was a nice idea at turing award acceptance speech how an evil compiler can do a supply chain attack. Here is a proof of concept /posts/bash-pipe-failures/ Wed, 13 Apr 2022 00:00:00 +0000 /posts/bash-pipe-failures/ Bash Pipes and how failures do (not) cascade: rachelbythebay - and remember set -o pipefail (and of cause -eu, too). But be aware, that this is not bullet prove. /posts/escaping-containers-with-cve-2022-0492/ Tue, 08 Mar 2022 00:00:00 +0000 /posts/escaping-containers-with-cve-2022-0492/ Escaping privileged containers for fun with CVE-2022-0492 /posts/rc3-nowhere-suggestions/ Sun, 09 Jan 2022 00:00:00 +0000 /posts/rc3-nowhere-suggestions/ from rC3 nowhere: Kubernetes security (more recordings at media.ccc.de: algebra in “Math for Hackers”, some more security relevant stuff, social, infrastructure and so much more) /posts/code-injection-by-unicode-formating/ Mon, 01 Nov 2021 00:00:00 +0000 /posts/code-injection-by-unicode-formating/ code injection by unicode formating: paper and short web version /posts/arm-only-buffer-overflows/ Tue, 26 Oct 2021 00:00:00 +0000 /posts/arm-only-buffer-overflows/ ARM only BufferOverflows + exploit write up /posts/how-to-bash-script/ Tue, 05 Oct 2021 00:00:00 +0000 /posts/how-to-bash-script/ From the OSAD (Open Source Automation Days): how to script bash in 2021 (error checking, speedup, data types, fake namespaces,..) /posts/writeup-from-stolen-laptop-to-inside-the-company-network/ Thu, 29 Jul 2021 00:00:00 +0000 /posts/writeup-from-stolen-laptop-to-inside-the-company-network/ Why ISMS is worried about hardware theft: from stolen laptop to inside the company network. /posts/memory-leak-with-c++-runtime/ Wed, 23 Jun 2021 00:00:00 +0000 /posts/memory-leak-with-c++-runtime/ A nice example how to memory leak with the C++ runtime. /posts/homomorpic-encryption/ Wed, 16 Jun 2021 00:00:00 +0000 /posts/homomorpic-encryption/ Google has some source code for homomorphic encryption (an FEH compiler for C++). /posts/cli-secrets/ Mon, 14 Jun 2021 00:00:00 +0000 /posts/cli-secrets/ Watch out to not accidental leak credentials in the shell/bash.