security Archives - Christophe Tafani-Dereeper

Stop worrying about ‘allowPrivilegeEscalation’

christophetd 14 June 2024 14 June 2024 Leave a Comment

Kubernetes’ ‘allowPrivilegeEscalation’ is a useful but poorly understood security hardening setting. Let’s dive into how it works and debunk some common myths about it.

[Write-up] Insomni’hack 2018 CTF teaser

christophetd 23 January 2018 22 January 2018 3 Comments

Like every year, the Swiss security event Insomni’hack releases a “CTF teaser” two months prior the real CTF. This post is a write-up for three of the challenges: Vulnshop, Smart-Y, and Hax4Bitcoins. Unfortunately I learned about this CTF a bit late, so I didn’t get much time to play on it.

[Write-up] SickOs 1.1

christophetd 19 June 2017 8 April 2017 3 Comments

In this post I’ll talk about how I managed to exploit the SickOs 1.1 VM made by D4rk36. The fact that the author mentions it is very similar to the OSCP labs caught my eye since I’m seriously thinking about taking this certification in a few months. 🙂 Let’s get started!

[Write-up] Vulnix – playing around with NFS

christophetd 6 October 2017 6 April 2017 1 Comment

I managed to find the time to play on a new vulnerable VM. This time, it will be Vulnix and will mainly be around exploiting vulnerable NFS shares. The VM was overall quite simple, but still learned me several things about NFS and how it plays with remote permissions.

[Write-up] Mr Robot

christophetd 12 January 2018 4 April 2017 27 Comments

It’s been a few months since I wrote my last write-up on a VulnHub vulnerable machine. Time for a new one! The VM is called Mr Robot and is themed after the TV show of the same name. It contains 3 flags to find, each of increasing difficulty.

[Write-up] Droopy v0.2 CTF

christophetd 11 April 2017 20 January 2017 1 Comment

I recently started gaining a lot of interest in security, and after reading several CTF write-ups, I decided to try to solve one by myself. I chose Droopy v0.2. In case you don’t know, the goal of a CTF is very simple: Capture The Flag! Most of the time, the flag is simply a text file that you can obtain after having gained root access on the machine. You are only provided with a virtual machine, and the rest is up to you. Let’s get started!