Prepare your containers for the worst: a DFIR caseRecently, while talking to a colleague, he explained that he was facing a forensic case involving a service hosted in a container. The…Jun 14Jun 14
DaemonSets: The Philosopher’s Stone of Lazy SysadminsIn the complex and ever-evolving landscape of system administration, Kubernetes DaemonSets have emerged as a seemingly magical solution…Feb 14Feb 14
The Orange’s RIPE Account Incident: Why Security Matters at Every Layer and ProcessThe cybersecurity world witnessed a concerning incident these days: the compromise of Orange’s RIPE account, obtained through the Racoon…Jan 5Jan 5
Understanding Post-Exploitation: A Crucial Element in Cybersecurity Defense StrategiesIn the digital landscape, cybersecurity is often conceptualized as a fortress that must be defended at all costs. However, this analogy…Nov 8, 2023Nov 8, 2023
Learning Golang: From 0 to multithreading in 3 days thanks to ChatGPTSome of you may already know about my tool byp4xx, a simple script to bypass 40X/HTTP responses that uses different methodologies. It…Jan 27, 2023Jan 27, 2023
Abusing ETCD to Inject Resources and Bypass RBAC and Admission Controller RestrictionsUPDATE 20/10/23: The detailed history below was the initial steps in the research on how to inject resources into etcd. The research…Jan 16, 2023Jan 16, 2023
Las implicaciones de ChatGPT para el sector IT y la ciberseguridadEl lanzamiento de ChatGPT ha sido uno de los eventos más importantes en el sector de tecnología e informática en los últimos años. ChatGPT…Dec 3, 2022Dec 3, 2022
How I made a reliable hacking tools and resources search engine in two days (~6500 entries!)https://lobuhi.github.io/Nov 3, 2022Nov 3, 2022
We all should stop reporting missing headers just because Burp Suite burps itSure, I’ve reported HSTS and cookie secure flags more times that I’d admit just because Burp says so.Sep 9, 20221Sep 9, 20221