Friday Squid Blogging: Anniversary Post
-
I made my first squid post nineteen years ago this week. Between then and
now, I posted something about squid every week (with maybe only a few
exception...
Looking ahead to 2025 with HIMSS Media, part 1
-
Enterprise Taxonomy:
Population and Public Health
Finance
Analytics
AI
Cybersecurity and Privacy
Strategic Planning
Care
Business
Data and Information
Org...
Overview of Content Published in December
-
Here is an overview of content I published in December: Blog posts: Update:
1768.py Version 0.0.22 Update: oledump.py Version 0.0.78 SANS ISC Diary
entries...
The one hundred and sixty-ninth issue of DigitalWhisper has been released!
-
The one hundred and sixty-ninth issue of DigitalWhisper has been released! Published on December 29, 2024
22:29:13, by cp77fk4r
Welcome to the opening remarks of issue 169 of Digi...
Andrew Hay’s 2025 Cybersecurity Predictions
-
As we approach 2025, the ever-evolving landscape of cybersecurity continues
to challenge professionals and organizations alike. Based on observed
trends an...
What to Do With Products Without SSO?
-
First, let’s get this out of the way: SaaS vendors that lock Single Sign-On
(SSO) behind enterprise-only plans are disadvantaging their customers and
the i...
Immediately available for new work
-
Hello to the site's visitors, I am now immediately available for new work, as an employee or as a freelancer, of course
in the field of information security. Further professional details about me can be found, as well as a way to
contact me ...
What a lovely sunset
-
Oh, hi. Long time no blog, eh?
Well, it is time to sunset this blog, I will be deleting it in the next few
weeks.
So long, and thanks for all the fis...
Simple PHP webshell with php filter chains
-
Recently found an LFI in a PHP application and one of the cool things I
learned about recently was PHP filter chains. More info here:
https://www.synacktiv...
Getting DNS Client Cached Entries with CIM/WMI
-
What is DNS Cache The DNS cache maintains a database of recent DNS
resolution in memory. This allows for faster resolution of hosts that have
been queried ...
Random CSO Musing
-
One of the biggest challenges of running a security organization is
balancing the ongoing efforts, with strategic directions, all while keeping
the “pressu...
Lucky Break
-
One of the things I do from time to time is throw out an open ended
question on Twitter. Sometimes I’m making a point, sometimes I just want
to amuse myse...
Indonesian Spam Communities
-
In our last post we tried to shed some light at what seemed to appear as a
very common PayPal phishing email at first glance, but evidently turned out
to b...
CoalaBot : http Ddos Bot
-
CoalaBot appears to be built on August Stealer code (Panel and Traffic are
really alike)
I found it spread as a task in a Betabot and in an Andromeda sp...
Big Changes Around the Corner for the IoT
-
The IoT is transforming before our eyes due to increasing regulations,
growing demand for security standards and advancements in the telecom
industry.
T...
ROOTCON 10 Capture The Flag Statistics
-
During ROOTCON 10, we introduced a new dedicated track for our Capture The
Flag, with the comfortable CTF tables and chairs the game was well
participated ...
Citadel 0.0.1.1 (Atmos)
-
Guys of JPCERT, thank you very much!
Released an update to their Citadel decrypter to make it compatible with
the 0.0.1.1 sample.
Citadel 0.0.1.1 doesn't have a lot of do...
Dridex Down Under
-
Raytheon | Websense® Security Labs™ has been tracking malicious email
campaigns associated with the Dridex banking Trojan since 2014. An
interesting deve...
Forensic
-
One of the main problems in performing a FORENSIC process, after the duplication of the
Harddisk has been done (according to all the standards of bit-by-bit duplication), is performing research on a *live
computer...
TrustKeeper Scan Engine Update – February 4, 2015
-
The latest update to the TrustKeeper scan engine that powers our Trustwave
Vulnerability Management product (including both internal and external
vulnerabi...
RSA Announces End of RSA Security Conference
-
Aims to bring clarity to cloudy marketing messages through exhibit hall
chotskies Bedford, MA., – April 1, 2014 – RSA, the security division of
EMC, today ...
botCloud – an emerging platform for cyber-attacks
-
Hosting network services on Cloud platforms is getting more and more
popular. It is not in the scope of this article to elaborate the advantage
of using Cl...
Available actions
Currently Docker Scan supports these actions:
Scan: Scan a network trying to locate Docker Registries
Registry
Delete: Delete remote image / tag
Info: Show info from remote registry
Push: Push an image (like Docker client)
Upload: Upload a random file
Image
Analyze: Look for sensitive information in a Docker image.
Look for passwords in environment vars.
Try to find any URL / IP in the environment vars.
Try to deduce the user used internally to run the software. This is not trivial. If the entry point is a .sh file, read the file and try to find calls to sudo-like commands: “sudo”, “gosu”, “sh -u”… and report the user found.
Extract: extract a Docker image
Info: Get an image's meta information
Modify:
entrypoint: change the entrypoint in a Docker image
trojanize: inject a reverse shell into a Docker image
user: change the running user in a Docker image
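As an added example (not code from the Dockerscan project), here is a defender-side version of the Analyze action in Python for auditing your own images before they are pushed: it scans an image config's Env list for credential-looking keys, URLs and IPv4 addresses, and infers the runtime user from the config's User field or from gosu/sudo/su calls in the entrypoint script. The image config and entrypoint script below are constructed samples.

```python
import json
import re

# Constructed sample: a trimmed-down image config (the JSON that
# `docker image inspect` or a registry config blob exposes) and the
# entrypoint script it references. Both are made up for this example.
SAMPLE_CONFIG = json.dumps({
    "config": {
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin",
            "DB_PASSWORD=hunter2",
            "API_URL=https://api.example.internal/v1",
            "REDIS_HOST=10.0.3.7",
            "APP_MODE=production",
        ],
        "Entrypoint": ["/entrypoint.sh"],
    }
})
SAMPLE_ENTRYPOINT = """#!/bin/sh
set -e
chown -R app:app /data
exec gosu app /usr/local/bin/server "$@"
"""

SECRET_KEY_RE = re.compile(r"(pass(word|wd)?|secret|token|api_?key|private_?key)", re.I)
URL_RE = re.compile(r"\bhttps?://[^\s\"']+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Matches "gosu <user>", "su <user>", "su - <user>" and "sudo -u <user>".
USER_SWITCH_RE = re.compile(r"\b(?:gosu|su(?:do\s+-u)?)\s+(?:-\s+)?([A-Za-z_][A-Za-z0-9_-]*)")

def analyze_env(env):
    """Flag env entries whose key looks like a credential, and collect URLs/IPs."""
    findings = {"secrets": [], "urls": [], "ips": []}
    for entry in env:
        key, _, value = entry.partition("=")
        if SECRET_KEY_RE.search(key) and value:
            findings["secrets"].append(key)   # report the key only, never the value
        findings["urls"].extend(URL_RE.findall(value))
        findings["ips"].extend(IPV4_RE.findall(value))
    return findings

def guess_runtime_user(config, entrypoint_script):
    """Explicit User field wins; else the first user the entrypoint switches to; else root."""
    explicit = config.get("User")
    if explicit:
        return explicit
    m = USER_SWITCH_RE.search(entrypoint_script)
    return m.group(1) if m else "root"

def analyze_image(config_json, entrypoint_script):
    config = json.loads(config_json)["config"]
    report = analyze_env(config.get("Env", []))
    report["user"] = guess_runtime_user(config, entrypoint_script)
    return report
```

For a real image, feed it the `config` object from `docker image inspect` and the entrypoint script pulled from the extracted layers.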
What's the difference from Clair or Docker Cloud?
The purpose of Dockerscan is different. It's focused on the attack phase.
Although Dockerscan has some functionality to detect vulnerabilities in Docker images and Docker registries, the objective is the attack.
Documentation
Documentation is still in progress...