This is the first of a two-part blog series based on vulnerabilities we usually identify during Kubernetes Penetration Tests that we run for our customers at Appsecco. Part 2 is now live at — https://blog.appsecco.com/a-pentesters-approach-to-kubernetes-security-part-2-8efac412fbc5 Introduction Kubernetes security is notoriously complex to get right the first time, especially with so many…

Tales from a recent pentest of a product hosted on the AWS cloud backed by Kubernetes (EKS) and a whole lot of secure design goodness that withstood our attack attempts. Background Our security teams typically test all kinds of applications, infrastructure, cloud services and API setups. We recently engaged with a…

A new vulnerability named CVE-2020–15257 has been discovered in the networking namespace. Our blog covers the details. A Technical Advisory was published by NCC Group regarding the discovery of a vulnerability that allows a container with access to the host network namespace to interact with the API of the container…

Docker announced new limits on image pulls from its Hub. We examine how it may impact your K8s operations. What is happening with Docker Hub and rate limits? A couple of months ago, Docker announced that they would be rate limiting container image pulls starting November 1st 2020 and will start applying the rate limits as detailed in the…

CVE-2020-1472 is a Critical security flaw, christened as “Zerologon”, in Windows Domain controllers, along with exploitation, detection and remediation steps. Introduction The last week has been busy for Windows administrators all around the world applying patches, setting up monitoring and discussing CVE-2020-1472, a CVSS 10 rated Critical remotely exploitable privilege escalation…

During a recent application vulnerability assessment we found a Stored HTML Injection vulnerability that was quickly escalated to a full Server Side Request forgery (SSRF) on a AWS EC2. We test a lot of applications hosted in AWS, especially on EC2. …

Our investigation to see if the IMDSv2 can be attacked using the obscure X-HTTP-Method-Override HTTP header. The definitive answer is no. An interesting Twitter discussion started this all Couple of days ago, we came across a Twitter discussion (screenshot below)

A short blogpost about how the introduction of IMDSv2 affects SSRF attempts on AWS EC2 instances, especially when attempting to retrieve metadata information. Having blogged about exploiting SSRF on AWS EC2 instances in the past, we wanted to give you an update on where things stand now. Multiple scenarios to…

This blogpost is about a recently disclosed security issue with the LastPass browser extension discovered by Tavis Ormandy from the Google Project Zero Team. …