Cory Sabol

Kubernetes Security – A Useful Bash One-Liner

Whether you’re an administrator, pentester, DevOps engineer, programmer, or some other IT person, chances are that you’ve heard of Kubernetes (k8s). If you’re a penetration tester like myself, you may sometimes find yourself in odd situations involving k8s. One such situation is getting or being given super admin to a Kubernetes cluster, but you’re on …


It’s Okay, We’re All On the SameSite

With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, not quite… In this post I’m going to demonstrate a scenario in which the SameSite default won’t actually stop a CSRF attack from …


A Container Hacker’s Guide to Living Off of the Land

Sometimes as a pentester you find yourself in tricky situations. Depending on the type of engagement, you might want to try to avoid making a lot of noise on the network if possible. This blog post is going to talk about two techniques to use to gather information on your target while avoiding making too …


Escaping the Whale: Things You Probably Shouldn’t Do With Docker (part 2)

This post is part 2 of a series of blog posts on container hacking. If you haven’t read part 1, you should check it out. Today I’m going to tell you about a new collection of scripts, and a lab VM for hacking containers. Both of these resources are currently works in progress, and are …


Escaping the Whale: Things you probably shouldn’t do with Docker (Part 1)

In this blog post, I won’t spend too much time explaining what Docker is and is not. You can do some research on your own if you want to learn more about Docker and containerization technology. Instead, I will show you but one simple way to possibly open your system up to a plethora of security …
