Become a member
Sign in
Andy Wong
Andy Wong

Andy Wong

5 Following
2 Followers
  • Profile

  • Claps

Latest

Andy Wong
Andy Wong
Feb 15 · 3 min read

AWS Internal bandwidth reference table

This reference followed AWS recommend tools ipref3 to perform the test to verify the different of the Low, Moderate, High, 10 Gigabit, and 20 Gigabit.

Andy Wong
Andy Wong
Dec 6, 2018 · 3 min read

K8S CVE-2018–1002105 分析

最近看到K8s 出現一個漏洞,此漏洞編號為CVE-2018–1002105,讓攻擊者可以發送特殊的系統請求,經由Kubernetes API Server,與企業內部後端伺服器進行連線,藉由取得Kubernetes API Server的認證,攻擊者就能利用既有連線,任意向後端伺服器發送請求。

發現Github 已經有POC方法。今次這個漏洞最關鍵就是要將HTTP header 加入upgrade,去建立一個websocket。今次的漏洞可以看到K8s 並不是只用HTTPS…