Один из разработчиков случайно запустил Docker-контейнер с флагом --privileged на проде. Контейнер основан на ubuntu:latest, к нему открыт SSH-доступ, и в системе установлены capsh, nsenter и gcc.
Цель: получить root-доступ на хост-машине, используя уязвимую конфигурацию контейнера.
У вас есть:
– привилегии --privileged – доступ внутрь контейнера – доступ к системным namespace через nsenter
Один из разработчиков случайно запустил Docker-контейнер с флагом --privileged на проде. Контейнер основан на ubuntu:latest, к нему открыт SSH-доступ, и в системе установлены capsh, nsenter и gcc.
Цель: получить root-доступ на хост-машине, используя уязвимую конфигурацию контейнера.
У вас есть:
– привилегии --privileged – доступ внутрь контейнера – доступ к системным namespace через nsenter
I have no inside knowledge of a potential stock listing of the popular anti-Whatsapp messaging app, Telegram. But I know this much, judging by most people I talk to, especially crypto investors, if Telegram ever went public, people would gobble it up. I know I would. I’m waiting for it. So is Sergei Sergienko, who claims he owns $800,000 of Telegram’s pre-initial coin offering (ICO) tokens. “If Telegram does a SPAC IPO, there would be demand for this issue. It would probably outstrip the interest we saw during the ICO. Why? Because as of right now Telegram looks like a liberal application that can accept anyone - right after WhatsApp and others have turn on the censorship,” he says.
Telegram has exploded as a hub for cybercriminals looking to buy, sell and share stolen data and hacking tools, new research shows, as the messaging app emerges as an alternative to the dark web.An investigation by cyber intelligence group Cyberint, together with the Financial Times, found a ballooning network of hackers sharing data leaks on the popular messaging platform, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation.Библиотека хакера | Hacking Infosec ИБ информационная безопасность from ye
