Riyaz Walikar in Appsecco
A Pentester’s Approach to Kubernetes Security — Part 2
This is the second of the two-part blog series. Part 1 is covered here —…
Nov 16, 2023

Riyaz Walikar in Appsecco
A Pentester’s Approach to Kubernetes Security — Part 1
This is the first of a two-part blog series based on vulnerabilities we usually identify during Kubernetes Penetration Tests that we run…
Nov 8, 2023

Riyaz Walikar in Appsecco
Hacking an AWS hosted Kubernetes backed product, and failing
Tales from a recent pentest of a product hosted on the AWS cloud backed by Kubernetes (EKS) and a whole lot of secure design goodness that…
Jun 2, 2022

Riyaz Walikar in kloudle
CVE-2020-15257: What is it and how does it impact your Docker and Kubernetes environments?
A new vulnerability named CVE-2020-15257 has been discovered in the networking namespace. Our blog covers the details.
Feb 20, 2021

Riyaz Walikar in kloudle
Are you sure you are not missing patching your clusters because of the new Docker Hub limits?
Docker announced new limits on image pulls from its Hub. We examine how it may impact your K8s operations.
Feb 16, 2021

Riyaz Walikar in Appsecco
Zerologon (CVE-2020-1472) detection, patching and monitoring
A quick post to describe CVE-2020-1472, a Critical flaw christened “Zerologon” in Windows Domain Controllers, along with exploitation…
Sep 23, 2020

Riyaz Walikar in Appsecco
Finding SSRF via HTML Injection inside a PDF file on AWS EC2
Finding SSRF on an app hosted on AWS EC2 allows for data theft from the AWS account. Capital One lost 100M+ bank records due to an issue like…
Apr 5, 2020

Riyaz Walikar in Appsecco
AWS EC2 IMDSv2 versus an esoteric HTTP Method
Our investigation to see if IMDSv2 can be attacked using the obscure X-HTTP-Method-Override HTTP header. The definitive answer is no.
Jan 2, 2020

Riyaz Walikar in Appsecco
Server Side Request Forgery (SSRF) and AWS EC2 instances after Instance Meta Data Service version…
A short blogpost about how the introduction of IMDSv2 affects SSRF attempts on AWS EC2 instances, especially when attempting to retrieve…
Dec 6, 2019

Riyaz Walikar in Appsecco
Security Analysis of LastPass credential leak — By bypassing do_popupregister()
This blogpost is about a recently disclosed security issue with the LastPass browser extension discovered by Tavis Ormandy from the Google…
Sep 18, 2019