Follow feeds: blogs, news, RSS and more. An effortless way to read and digest content of your choice.
Get Feedercarnal0wnage.attackresearch.com
Get the latest updates from Carnal0wnage & Attack Research Blog directly as they happen.
Follow now 170 followers
Last updated over 4 years ago
over 4 years ago
I watched a good DEF CON video on abusing public AWS Snapshotshttps://www.youtube.com/watch?v=-LGR63yCTtsI...
over 4 years ago
The Duality of Attackers - Or Why Bad Guys are a Good...
almost 5 years ago
BugBounty story #bugbountytipsA fixed but they didn't pay the bugbounty story...Timeline:reported 21...
about 5 years ago
"Nomad is a flexible container orchestration tool that enables an organization to...
over 5 years ago
After yesterday's post, I received a ton of interesting and creative responses...
over 5 years ago
Over the weekend my wife was feeling under the weather. This meant...
almost 6 years ago
second exploit from the blog posthttps://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlChained with CVE-2018-1000600 to a Pre-auth Fully-responded...
almost 6 years ago
References:https://www.exploit-db.com/exploits/46453http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.htmlThis post covers the Orange Tsai Jenkins pre-auth exploitVuln versions: Jenkins &lt...
almost 6 years ago
While doing some research I found several posts on stackoverflow asking how...
almost 6 years ago
If you find yourself on a Jenkins box with script console access...
almost 6 years ago
Forced API token changeSECURITY-180/CVE-2015-1814https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-changeAffected VersionsAll Jenkins releases <= 1.605All LTS releases <=...
almost 6 years ago
API tokens of other users available to adminsSECURITY-200 / CVE-2015-5323API tokens of...