Whether you are a security researcher or an amateur hacker, if you find a security vulnerability in an application or website, you are often faced with the question: What do I do now?

Internet access in Russia is heavily censored. Ahead of the invasion of Ukraine on February 24, 2022, this censorship has further increased. But how reliable is the censorship and how is the censorship technically implemented?

Anyone who has ever signed up somewhere knows password rules: 8 characters, uppercase letters, lowercase letters, special characters, …. But are these rules really useful and what are good password rules?

Bolt is a content management system based on PHP that is a lightweight alternative to Wordpress and is used extensively by agencies. We discovered a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a file to achieve remote code execution.

What is even OSINT? OSINT at its core stands for open-source intelligence and Wikipedia defines it as follows: Open-source intelligence (OSINT) is the collection and analysis of data gathered from open sources (overt and publicly available sources) to produce actionable intelligence. OSINT is used by various entities to gain information or insights on specific topics. Insurance companies, for example, use OSINT to assess the risk of their insurance policies. Other areas where OSINT is used on a daily basis include the military, intelligence agencies, law enforcement, banks and, of course, cyber criminals.

The HackTheBox Business CTF 2022 featured two cloud challenges. The harder one was Operator, which we will present in the following. Fasten your seatbelts as this will be kind of a ride!

Kubewarden, an only recently admitted CNCF sandbox project, has had its first stable release on 22nd of June, 2022 — a perfect time to have a quick look at it. What is Kubewarden? In short: Kubewarden is an admission controller for Kubernetes (stylized as K8s), that tries to replace the now deprecated Pod Security Policies and unify the current ecosystem by supporting both versions of Rego policies (used by Open Policy Agent and OPA gatekeeper).

Follina is a newly discovered vulnerability that allows to exploit the Microsoft Support Diagnostic Tool (MSDT) via specifically crafted Microsoft Office and Rich Text Format files. It is a RCE vulnerability and therefore enables an attacker to execute code on the exploited Windows system.

Heutige Angreifer und mit Ihnen zusammen aktuelle Malware werden immer besser und daher schwieriger zu entdecken. Natürlich verbessern die Verteidiger ihre Werkzeuge ebenso stetig. So kommt es zu dem Wettrüsten, welches wir seit Jahren beobachten. Auch wenn Antivirensoftware versucht bei diesem Katz-und-Maus-Spiel mitzuhalten, ist dies immer nur verzögert möglich und man sollte sich auf keinen Fall zu sehr auf sie verlassen.