Explore >> Select a destination
|
You are here 
|
objective-see.com | ||
| | | | |
blog.quarkslab.com
|
|
| | | | | It is written almost everywhere: do not expose the Docker socket on Linux! This is followed by the statement that doing so grants root access to the host. But why? What can be done and how? This is what we are about to explore in this article. | |
| | | | |
rossmarks.uk
|
|
| | | | | I wanted to create a hardware pentesting sample report so when clients ask for a sample report I'm not giving them a web app one and saying "It's like this but different". I knew a | |
| | | | |
bradleyjkemp.dev
|
|
| | | | | LaunchDaemon (or LaunchAgent) Hijacking is a MacOS privilege escalation and persistence technique. It involves abusing insecure file/folder permissions to replace legitimately installed, misconfigured LaunchDaemons with malicious code. I first spotted this issue affecting the OSQuery installer but went looking and found multiple other products with the same problem. This isn't a novel technique (it's briefly mentioned in T1543.004) but I was surprised to find it so rarely talked about. Example - Hijacking the OSQuery LaunchDaemon ?? I've already disclosed this issue to the OSQuery team and they kindly let me use it as an example in this post. | |
| | | | |
www.longdelayspossible.com
|
|
| | | |||
