During my journey to become a Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS), I was focused on exploring ways an attacker could exploit an exposed ETCD. I attempted various methods without success until now. DISCLAIMER: Please note that this technique can only be used when the attacker…

El lanzamiento de ChatGPT ha sido uno de los eventos más importantes en el sector de tecnología e informática en los últimos años. …

https://lobuhi.github.io/ In fairness, this is just a fork from Ippsec.Rocks, a great resource which I visited oftenly when I was enrolled for OSCP. …

Sure, I’ve reported HSTS and cookie secure flags more times that I’d admit just because Burp says so. Sometimes customers are ashamed to ask how things work or why any header would improve its security posture, sometimes even security consultants are afraid about it. One day a curious customer just…

First, let me explain you about my background. I mess with security stuff since I was a teenager, not always with the same intensity but I’ve been always connected to cybersec scene in one way or another. My first IT job it was as a night shift helpdesk, it seems…

…sin sufrir demasiado. La mayoría de guías destinadas a este propósito obvian algunos errores típicos durante la instalación de algunos de estos componentes y se limitan al siguiente, siguiente, siguiente del emulador de turno, pero montar un laboratorio para Android destinado a pentesting, sin ser una tarea compleja, requiere de…

Kubernetes is a maze: deployments, pods, containers, namespaces, services… When you arrive at kube-world as a beginner (like me) nothing has sense. For a while, I’ve been thinking about to create a checklist for pentesting purposes and put together every tool, repo or technique I’ve been discovering about kubernetes lately…

ROOM: https://tryhackme.com/room/skynet Let me show you another way than the official writeup you can find here https://blog.tryhackme.com/skynet-writeup/. First things first, let’s scan: Looks like too much info, but we just got ssh, web, pop3, imapd and samba. First change versus the official writeup, I’ll use dirsearch instead of gobuster:

…like responder, mitm6 or others kerberos related methods. This is the story of a lucky boy. Responder didn’t work at all, it just didn’t get anything interesting for two days so I gave up. Then a colleague told me to try with mitm6. Same results. Later I confirmed with admins…