Hacking CVE-2022-39841 Medusa's leaky WebSocket A critical vulnerability in Medusa allows for information leakage, including plaintext credentials, by attaching to an unauthenticated WebSocket and waiting for a user to make a configuration change.
Hacking CVE-2021-31607 SaltStack Minion Privilege Escalation in Snapper Module I discovered a command injection vulnerability in SaltStack's Salt that allows privilege escalation using malicious filenames on a minion when the master calls snapper.diff. But... I was too slow!
Hacking CVE-2020-28243 (2) SaltStack Minion Denial of Service via Argument Injection Recently I disclosed a local privilege escalation, CVE-2020-28243, in SaltStack's Salt via specially crafted process names. However, due to an incomplete fix, argument injection leading to a low impact denial of service is still possible.
Hacking Featured CVE-2020-28243 SaltStack Minion Local Privilege Escalation I discovered a command injection vulnerability in SaltStack's Salt that allows privilege escalation via specially crafted process names on a minion when the master calls restartcheck.
Metasploit New Metasploit Module: docker_privileged_container_escape I wrote a new Metasploit module, docker_privileged_container_escape, that escapes from a Docker container with access to the docker sock, obtaining a root shell on the host operating system.
Software Featured Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE) I developed a container enumeration script. Think of it like linpeas/linenum but for containers.
Hacking Python UUEncode Vulnerability tl;dr Found a vuln in some old and mostly unused data format in Python, spoke to Guido van Rossum (inventor of Python), and submitted a PR with a fix. I had a look at the Python source code for and discovered a vulnerability in the UUEncode methods in Python.