Everything you care about in one place
Follow feeds: blogs, news, RSS and more. An effortless way to read and digest content of your choice.
Get Feedercarnal0wnage.attackresearch.com
Carnal0wnage & Attack Research Blog
Get the latest updates from Carnal0wnage & Attack Research Blog directly as they happen.
Follow now 170 followers
Latest posts
Last updated over 4 years ago
WeirdAAL update - get EC2 snapshots
over 4 years ago
I watched a good DEF CON video on abusing public AWS Snapshotshttps://www.youtube.com/watch?v=-LGR63yCTtsI...
The Duality of Attackers - Or Why Bad Guys are a Good Thing™
over 4 years ago
The Duality of Attackers - Or Why Bad Guys are a Good...
What is your GCP infra worth...about ~$700 [Bugbounty]
over 4 years ago
BugBounty story #bugbountytipsA fixed but they didn't pay the bugbounty story...Timeline:reported 21...
Devoops: Nomad with raw_exec enabled
almost 5 years ago
"Nomad is a flexible container orchestration tool that enables an organization to...
Minecraft Mod, Follow up, and Java Reflection
over 5 years ago
After yesterday's post, I received a ton of interesting and creative responses...
Minecraft Mod, Mother's Day, and A Hacker Dad
over 5 years ago
Over the weekend my wife was feeling under the weather. This meant...
Jenkins - CVE-2018-1000600 PoC
over 5 years ago
second exploit from the blog posthttps://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.htmlChained with CVE-2018-1000600 to a Pre-auth Fully-responded...
Jenkins - messing with exploits pt3 - CVE-2019-1003000
over 5 years ago
References:https://www.exploit-db.com/exploits/46453http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.htmlThis post covers the Orange Tsai Jenkins pre-auth exploitVuln versions: Jenkins &lt...
Jenkins - Identify IP Addresses of nodes
over 5 years ago
While doing some research I found several posts on stackoverflow asking how...
Jenkins - decrypting credentials.xml
over 5 years ago
If you find yourself on a Jenkins box with script console access...
Jenkins - SECURITY-180/CVE-2015-1814 PoC
over 5 years ago
Forced API token changeSECURITY-180/CVE-2015-1814https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-changeAffected VersionsAll Jenkins releases <= 1.605All LTS releases <=...
Jenkins - SECURITY-200 / CVE-2015-5323 PoC
over 5 years ago
API tokens of other users available to adminsSECURITY-200 / CVE-2015-5323API tokens of...