Pastebin search tips
1. Search by keywords in archive org collection search web.archive.org/collection-sea… (last update 2023)
2. Search fresh pastes links in index.commoncrawl.org
3. Search in Pastebin and dozens other paste sites with this Google CSE:
cybdetective.com/pastebin.html
Posts by ace
Good shot, really impressive.
Enumeration tools for hacking.
github.com/Ignitetechno...
Hmm, ChatGPT's system prompt looks a bit weird compared to Grok's 🤔.
#infosec #ai #llm #informationdisclosure
Lol, what's that? Grok happily outputs its system prompt if you change your account location to some specific locations.
Ok...
2. Escaping a privileged Container
To escape a privileged container is pretty easy because you have access to the devices under /dev, i.e. you can mount the disk inside the container and access the host filesystem.
Example:
mount /dev/sda1 /mnt/hostfs
If the container also runs with --pid host, you can directly switch to the host namespace, which is the same as directly accessing the host.
Example:
nsenter --target 1 --mount --uts --ipc --net --pid -- bash
🐳 #Docker #ContainerBreakout #PrivilegeEscalation
Privileged containers should be avoided whenever possible. But sometimes it is necessary if you run a low-level app like k8s or kubevirt.
They require privileged containers to manage the resources.
🐳 #Docker #ContainerBreakout:
1. Mounted Docker socket:
If you find a mounted Docker socket inside a container, it can usually be exploited to take over the host.
This is because Docker itself does not have access control, and access to the socket allows performing any action.
This means the socket can be used to start a privileged container that ultimately gives root privileges on the host.
Usually, mounted Docker sockets are found in corporate CI environments to run build jobs.
Did you know there are currently 7 known ways to break out of a 🐳 #Docker #container?
I will explain them to you in a Docker escape series.
#PrivilegeEscalation #ContainerBreakout
#DockerBreakout
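An added audit helper for the two breakout conditions in the series above (not code from these posts): it reads the JSON that `docker inspect` prints and flags a mounted Docker socket, a privileged container or passed-through block device, and a shared host PID namespace. The sample inspect output is constructed; the field names used (HostConfig.Privileged, HostConfig.PidMode, HostConfig.Binds, HostConfig.Devices, Mounts) are the ones docker inspect really emits.

```python
"""Added audit helper (not code from the original posts): reads the JSON array that
`docker inspect <container>` prints and flags the settings the breakout series describes."""
import json


def audit_container(info: dict) -> list[str]:
    """Return findings for one object from `docker inspect` output."""
    findings = []
    host_cfg = info.get("HostConfig") or {}
    # 1. Mounted Docker socket: the daemon has no access control, so the socket
    #    lets a process start a privileged container and become root on the host.
    binds = host_cfg.get("Binds") or []
    mounts = info.get("Mounts") or []
    sources = [b.split(":")[0] for b in binds] + [m.get("Source", "") for m in mounts]
    if any(src.rstrip("/").endswith("docker.sock") for src in sources):
        findings.append("docker socket mounted from host")
    # 2. Privileged: /dev is exposed, so host disks can simply be mounted.
    if host_cfg.get("Privileged"):
        findings.append("privileged container (host devices reachable)")
    # Explicit --device passthrough of a block device carries the same risk.
    for dev in host_cfg.get("Devices") or []:
        path = dev.get("PathOnHost", "")
        if path.startswith(("/dev/sd", "/dev/nvme", "/dev/vd", "/dev/xvd")):
            findings.append(f"host block device passed through: {path}")
    # 3. Host PID namespace: nsenter into PID 1 reaches the host directly.
    if host_cfg.get("PidMode") == "host":
        findings.append("shares host PID namespace")
    return findings


def audit_inspect_output(raw_json: str) -> dict[str, list[str]]:
    """Map container name -> findings for a whole `docker inspect` array."""
    return {c.get("Name", "?").lstrip("/"): audit_container(c) for c in json.loads(raw_json)}


# Constructed sample in the shape of `docker inspect` output; not real containers.
SAMPLE = json.dumps([
    {"Name": "/ci-runner", "Mounts": [],
     "HostConfig": {"Privileged": False, "PidMode": "",
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
    {"Name": "/kubevirt-like", "Mounts": [],
     "HostConfig": {"Privileged": True, "PidMode": "host", "Binds": [],
                    "Devices": [{"PathOnHost": "/dev/sda1", "PathInContainer": "/dev/sda1"}]}},
    {"Name": "/web", "Mounts": [], "HostConfig": {"Privileged": False, "PidMode": ""}},
])

if __name__ == "__main__":
    for name, findings in audit_inspect_output(SAMPLE).items():
        print(name, "->", findings or ["ok"])
```

To audit a live host, pass the text of `docker inspect $(docker ps -q)` to audit_inspect_output instead of SAMPLE.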
Yes, it also works with binary data.
But you have to make it executable again (in case of a program) after it was received.
Security best practice if your password appears in a word list. Make a PR to remove it and let everyone know that it's your password.
How to receive a file on a 🐧 #Linux host where you have no curl available?
You can leverage Linux's raw TCP network socket.
Host the file on a public accessible IP with:
nc -lvp 999 < /path/file
And receive it on the client with:
cat < /dev/tcp/<IP>/999 > /tmp/out
You can just try to buy it on GoDaddy's website, normally it will show you that the domain is taken and an estimated price for brokerage services.
You can try GoDaddy. They usually offer broker services for such cases.
But depending on the domain it can become very fast very expensive.
But u can take a look if they offer it for the domain u want.
If not, your only option is to whois lookup the data and contact the registrar.
How to find n-day vulnerabilities in Google Chrome V8 engine?
Checkout Alisa's video from VXCON www.youtube.com/live/b9Ohamk...
only to ensure u r legit...
Interesting video and research by Alisa Esage about Fuzzing.
www.youtube.com/live/9U-FK_Q...
Slides: zerodayengineering.com/research/sli...
I'm really impressed by the possibilities that bluesky provides. It lets me set up everything how I like it, even content moderation settings in a very detailed way. This is pretty cool.
Man, where are all the skilled Security Researchers?