Matthias Luft

Infosec Enthusiast & Practitioner. Opinions are my own. Pentest→Research→Leading→Security Engineering. Love Martial Arts, Outdoors, Dogs.

2025-04-10

I hadn't even thought about this yet, but linting file and directory names in project structures makes a lot of sense - and there is of course a tool for it:

ls-lint.org/

2025-04-02

Alright AKS, pick a lane:

Kubenet: Pods receive IP from an overlay network. Retires March 2028

Azure CNI Standard: Pods receive IP from VNET

Azure CNI Overlay: Pods receive IP from an overlay network.

2025-04-01

Great article on using GitHub as a workflow platform:

github.blog/engineering/issueo

Can absolutely recommend for security workflows and management as well!

2025-03-31

Quite a few #IngressNightmare #CVE-2025-1974 PoCs on GitHub now that look good at a cursory review:

github.com/hakaioffsec/Ingress

github.com/yoshino-s/CVE-2025-

github.com/Esonhugh/ingressNig

github.com/hi-unc1e/CVE-2025-1

github.com/lufeirider/IngressN

github.com/zwxxb/CVE-2025-1974

github.com/rjhaikal/POC-Ingres

Quick note on exploits trying to use `nginx.ingress.kubernetes.io/server-snippet`: That annotation has been identified as an issue before and has been disabled to mitigate CVE-2021-25742.
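As an added illustration (not part of the post above), here is the ingress-nginx controller setting that decides whether `server-snippet` and the other `*-snippet` annotations are honoured at all, shown in its weak and hardened form beside an Ingress that tries to use it. The ConfigMap and namespace names are the ones the upstream manifests use; the tenant namespace, host and service are hypothetical:

```yaml
# ingress-nginx controller ConfigMap (names taken from the upstream manifests;
# adjust to your install). allow-snippet-annotations controls whether
# *-snippet annotations on Ingress objects are rendered into nginx.conf.
# "true" is the weak setting behind CVE-2021-25742: anyone allowed to create
# an Ingress could inject arbitrary nginx configuration.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ingress-nginx-controller
  namespace: ingress-nginx
data:
  allow-snippet-annotations: "false"   # hardened; "true" renders the snippet below
---
# An Ingress a tenant might submit (hypothetical names). With the setting
# above at "false" the validating admission webhook rejects it, or the
# controller ignores the snippet if no webhook is deployed; with "true" the
# snippet lands verbatim in the generated server block.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: tenant-app
  namespace: tenant-a
  annotations:
    nginx.ingress.kubernetes.io/server-snippet: |
      location /debug { return 200 "snippet rendered"; }
spec:
  ingressClassName: nginx
  rules:
    - host: app.example.test
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: tenant-app
                port:
                  number: 80
```

To check a running install, read the value back with `kubectl -n ingress-nginx get configmap ingress-nginx-controller -o jsonpath='{.data.allow-snippet-annotations}'`. An empty result means the controller's built-in default applies, so confirm what that default is for the exact version you run rather than assuming it.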

2025-03-31

@raesene True, quite some good stuff out now!

2025-03-28

@raesene Hm, the ones I looked at were quite lacking :D But that was two days ago and a reliable exploit did not take that long. Will have a look, thx :)

2025-03-28

I wrote up some details on exploiting #IngressNightmare #CVE-2025-1974:
www.averlon.ai/blog/kuberne...

Where are we at with releasing a full PoC?

2025-03-18
Matthias Luft boosted:
2024-12-20

in switzerland you aren't allowed to have a train with exactly 256 axles because of an integer overflow in the axle counting machine

i wish i could fix my software bugs by making it illegal to cause them

to avoid falsely signalling a section of track as clear by resetting the axle counter to zero, and thus to avoid collisions, the total number of axles in a train must not equal 256

2024-12-19

One long plane ride later and my cloud security knowledge base is finally transformed into a proper awesome-repo:

github.com/uchi-mata/awesome-c

There are lots of good cloud security knowledge collections out there, but maybe this is helpful for some 🙂

2024-12-12

Could be a very interesting metric when trying to triage vulnerabilities 🙃

vuldb.com/?kb.exploitprices

2024-12-04

If you need some more interactivity while wrangling those jq queries:

github.com/ynqa/jnv

2024-12-02

Collection of known-malicious packages/package identifiers:

github.com/ossf/malicious-pack

2024-11-28

Nobody:

Azure Chief Naming Officer: Azure Automation Agent-based User Hybrid Runbook Worker (Windows and Linux)

2024-11-22

Continuing the discussion on CVE data: here’s one for thought as we head into the weekend — CVE-2022-26520.

- Vulnerability requires an attacker to be able to modify application code around the postgres database connector.
- According to CVSS ratings, it’s categorized as low complexity, requiring no user interaction or prior privileges.

While there might be situations in which those ratings are technically accurate, they don't fully reflect the practical realities of exploiting this vulnerability.

2024-11-20

Another perfect example of the challenges in our CVE data/ecosystem:

gitlab.freedesktop.org/cairo/c

- Bug is difficult to reproduce, not clear whether it is exploitable anywhere at all

- Bug was reported/discussed 6 years ago

- CVE created 4 years ago

- 3 years ago someone asks whether this was fixed

- No activity since

- CVE: Exists and gets reported by scanners.

2024-11-18

Kubernetes has a great debugging feature that lets you start ephemeral containers in an existing pod:
lnkd.in/eaqES9cU

This feature enables you to keep your production containers minimal (read: with minimal attack surface and patching effort) while still retaining debugging capabilities. However, not all container runtimes supported this in the past.

Good news: for over a year now, all major container runtimes have supported this feature (at least, the last time I checked!).
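An added example, not from the post: a production pod built from a distroless image (no shell to exec into, read-only root, no capabilities), followed by what its spec looks like after `kubectl debug -it app -n prod --image=busybox:1.36 --target=app` has attached a debugger. Only the first document is something you apply; the ephemeral container is written by kubectl through the pod's `ephemeralcontainers` subresource and then appears in the pod as shown in the second document. Pod name, namespace and images are assumptions.

```yaml
# Production pod: distroless image with no shell, hardened security context.
# Names and image are hypothetical.
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: prod
spec:
  containers:
    - name: app
      image: gcr.io/distroless/static-debian12:nonroot
      command: ["/app"]
      securityContext:
        runAsNonRoot: true
        readOnlyRootFilesystem: true
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
---
# The same pod after
#   kubectl debug -it app -n prod --image=busybox:1.36 --target=app
# This entry is not in the manifest above; the API server appends it via the
# ephemeralcontainers subresource. targetContainerName places the debugger in
# the app container's PID namespace, so `ps` shows the app process and
# /proc/<pid>/root exposes its (otherwise shell-less) filesystem.
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: prod
spec:
  containers:
    - name: app
      image: gcr.io/distroless/static-debian12:nonroot
      command: ["/app"]
  ephemeralContainers:
    - name: debugger-abc12        # kubectl generates the random suffix
      image: busybox:1.36
      stdin: true
      tty: true
      targetContainerName: app
      securityContext:            # not set by default; newer kubectl can add one via --profile
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```

Two things worth knowing before relying on this in production: the `--target` process-namespace sharing is the part that depends on container runtime support, and an ephemeral container cannot be removed or modified once added, so it lives until the pod itself is recreated. Keep the debugger image as small as the app image, and treat the ability to add ephemeral containers (the `pods/ephemeralcontainers` subresource) as a privilege in RBAC, since it is effectively `exec` into any container it can target.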

2024-11-13

I have little insight into the commercial legacy firewall vendors these days anymore, but I always wanted DNS-based policies 6+ years back when I still occasionally had to deal with them. So seeing Calico's domain-based network policies is ✨ ✨✨ for me (in a standardized text-based machine-processable format even).

[Image: Calico domain-based network policy allowing DNS to *.google.com]
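The policy in the screenshot is not recoverable from the page, so here is an added example of the shape such a policy takes, written for this page rather than taken from the post. Selector, namespace and ports are assumptions; `domains` is the Calico DNS-policy field on an egress destination rule, and the first rule is the part that is easy to forget: the workload must still be allowed to reach the cluster DNS, because Calico resolves domain rules from the DNS answers it observes for that workload.

```yaml
# Calico domain-based egress policy: frontends may reach *.google.com on 443
# and nothing else. Selector, namespace and ports are illustrative.
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: allow-egress-google
  namespace: web
spec:
  selector: app == 'frontend'
  types:
    - Egress
  egress:
    # DNS must be allowed explicitly: Calico learns which IPs belong to
    # *.google.com from the answers kube-dns returns to this workload.
    - action: Allow
      protocol: UDP
      destination:
        namespaceSelector: projectcalico.org/name == 'kube-system'
        selector: k8s-app == 'kube-dns'
        ports: [53]
    # Domain-based rule: matched against the names this workload resolved,
    # not against a static IP list.
    - action: Allow
      protocol: TCP
      destination:
        domains:
          - "*.google.com"
        ports: [443]
  # No further egress rules: once a policy of type Egress selects the
  # endpoint, egress not allowed by any applicable policy is dropped.
```

The caveat a practitioner should keep in mind is that the rule only works when Calico sees the lookup. A resolver cache inside the pod, DNS-over-HTTPS, or an address the application connects to without resolving it first gives Calico nothing to learn from, and the connection is denied.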
Matthias Luft boosted:

Hi all, I'm looking for a new team member to join the infosec team @camunda. The role is a GRC analyst role that will focus on audits and compliance monitoring. We are a pretty technical team where automation has a strong focus. If that sounds interesting to you, check out the link (salary ranges based on location included inside): camunda.com/jobs/?gh_jid=62400

#infosec #getfedihired #grc #compliance #jobad

Matthias Luft boosted:
Genderative AI (quephird@tech.lgbt)
2024-09-27

My favorite scene with Maggie Smith...

Meme with Maggie Smith on the top asking "Why is it when something happens, it is always you three?" and captioned with "C", and Hermione, Ron, and Harry on the bottom captioned with "\0", "-1", and "Jan 1st 1970" respectively.

Client Info

Server: https://mastodon.social