Floats are probably still hard to handle.
#microsoft #m365
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: Two containers went rogue last night and starved the whole host.
devops1: What are we supposed to do?
#appsec #devops #programming #webdev #docker #cloud #sysadmin #sysops #java #php #javascript #node
"One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens"
dirkjanm.io/obtaining-gl...
#entra #azure #cloud #devops #infosec #cybersecurity #pentesting #pentest
devops0: Our audit report says we must "enable Docker rootless mode". I have no clue what that even is...
#appsec #devops #programming #webdev #java #javascript #python #php #docker #containers #k8s #cybersecurity
"Anthropic to pay authors $1.5 billion to settle lawsuit over pirated chatbot training material"
apnews.com/article/anth...
#ai #llm #anthropic
What could go wrong?
Estimated time to breach?
#programming #webdev #ai #llm
Hopefully Grok finally reached AGI lvl and decided to eliminate the pure evil of this world #twitter
...
but it's probably dns or k8s, again...
ItSec (walking by): You pay for updates & support, probably, but you can do some of this yourselves with a bit of k8s hacking.
devops0: How, exactly?
infosec.exchange/@reynardsec/...
devops0: These k8s security SaaS prices are wild.
devops1: Image scanning, policy engines, "enterprise tiers"... why are we paying so much?
#appsec #devops #kubernetes #programming #webdev #docker #containers #k8s #cybersecurity #infosec #cloud #hacking
vx-underground @vxunderground Lots of frustration in the malware analysis and reverse engineering community. It's been discovered a DEFCON talk, presentation, and the code which coincided with it, was AI slop. The talk itself had hallucinated terminology which (apparently) no one at DEFCON noticed. Bad.
De-Virtualizing the Dragon Automated Unpacking and Deobfuscation of Nested VM-Based Protectors DEFCON 33 - August 9, 2025 Dr. Agostino 'van1sh' Panico Security Researcher van1sh@securitybsides.it| @van1sh_bsidesit "Democratizing Malware Analysis"
Github issue poppopjmp /VMDragonSlayer Public <> Code . Issues 6 ... Add OSHA compliance #8 New issue
VXUG dropped the news that a DEFCON talk was AI generated nonsense and so was the code put on github for it. Some attendees noticed it was off, but this talk was presented, passed review. The github issues are rolling in.
F-16 crash, Radom, PL
#airshow #aircraft #army #poland #europe
How the pivot works (example): From the compromised container, talk to docker.sock and create a helper container that bind-mounts the host root at /host (rw). Then start it. Now you can operate on /host: add SSH keys, read secrets, drop binaries, even chroot. All via REST API using simple curl calls.
Dangerous pattern:
docker run -it -v /var/run/docker.sock:/var/run/docker.sock ubuntu:24.04
This gives the container full control of the Docker daemon. If an attacker gets code exec (RCE, deserialization, etc.), they can pivot from that container to the Docker host. Please do not do this!
Why it matters: The Docker CLI talks to the Docker daemon over a UNIX socket (/var/run/docker.sock). That socket exposes the Docker Engine REST API. With it, you can list, start, stop, create, or reconfigure containers - effectively controlling the host via the daemon. That's the oops pattern.
ItSec: Quick test - if curl to docker.sock returns JSON, you've handed admin of Docker daemon. Please don't do that; it's root-by-proxy...
A grumpy ItSec guy walks through the office when he overhears an exchange of words.
devops0: I need to manage other containers from my other container, hmm...
devops1: Just mount /var/run/docker.sock and move on.
#docker #devops #cloud #infosec #linux #php #nodejs #java #javascript #programming
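A defensive check for the docker.sock pattern described in the thread above, as an added example that is not part of the original posts: it reads `docker inspect` JSON and flags containers that bind-mount the daemon socket or the host root. The sample data, container names and the `audit_mounts` function are constructed for illustration.

```python
import json
import posixpath

# Paths under which the Docker daemon socket is commonly reachable on the host
# (/var/run is usually a symlink to /run).
DOCKER_SOCKETS = {"/var/run/docker.sock", "/run/docker.sock"}

# Constructed sample in the shape of `docker inspect` output (trimmed).
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web", "Mounts": [
        {"Type": "bind", "Source": "/srv/app/config",
         "Destination": "/etc/app", "RW": False}]},
    {"Name": "/ci-runner", "Mounts": [
        {"Type": "bind", "Source": "/var/run/docker.sock",
         "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Name": "/monitor", "Mounts": [
        {"Type": "bind", "Source": "/run/docker.sock",
         "Destination": "/tmp/d.sock", "RW": False}]},
    {"Name": "/helper", "Mounts": [
        {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True}]},
])


def audit_mounts(inspect_json):
    """Return (container, finding) tuples for risky bind mounts."""
    findings = []
    for container in json.loads(inspect_json):
        name = container.get("Name", "?").lstrip("/")
        for mount in container.get("Mounts") or []:
            if mount.get("Type") != "bind":
                continue
            source = posixpath.normpath(mount.get("Source", ""))
            dest = mount.get("Destination", "?")
            if source in DOCKER_SOCKETS:
                # Flag read-only binds too: the API is reached by connecting
                # to the socket, which a read-only mount does not prevent.
                findings.append((name, "docker.sock mounted at " + dest))
            elif source == "/":
                mode = "rw" if mount.get("RW") else "ro"
                findings.append((name, "host root mounted at %s (%s)" % (dest, mode)))
    return findings


if __name__ == "__main__":
    for name, finding in audit_mounts(SAMPLE_INSPECT):
        print(name + ": " + finding)
```

On a real host, pass the output of `docker inspect $(docker ps -q)` to `audit_mounts` instead of the constructed sample.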
There is even more: for example, as a bonus, in point 001 there's an interesting analysis concerning the incorrect configuration of PCR banks of the disk encryption process using LUKS.
You've probably heard of Cold Boot attacks [1], but have you ever seen a practical example? If not, I recommend reading this report www.securitum.com/public-repor... (point 002, page 15).
#pentest #cybersecurity #hardware #research #infosec #pentesting #computers
Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.
1) Part1: leftarcode.com/posts/afd-re...
#reverseengineering #windows #cyber #malware
Publication by BSI (Germany) and ANSSI (France) on designing LLM-based systems using a Zero Trust approach. Focus: the application layer and "agentic systems".
www.bsi.bund.de/SharedDocs/D...
#ai #programming #llm #llms #cybersecurity #infosec #appsec
2) Part2: leftarcode.com/posts/afd-re...
3) Part3: leftarcode.com/posts/afd-re...
4) Part 4: leftarcode.com/posts/afd-re...
pistachioapp.com/blog/copilot...
#cybersecurity #microsoft #ai #copilot #m365 #infosec #vulnerability
A grumpy ItSec guy walks through the office when this happens:
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline looks good: SAST, DAST... all green!
Read more
reynardsec.com/en/a-grumpy-...
#programming #webdev #php #java #javascript #node #go
right now in homes and offices all over
#ai #programming #cybersecurity #infosec
A grumpy ItSec guy walks through the office...
dev0: Big news - we finally upgraded every framework to the latest.
dev1: And the pipeline's loaded: SAST, container scan, DAST... all green.
dev0: ItSec won't have anything to nitpick now!
#webdev #programming #cybersecurity #infosec #java #php