AWS ECR Public Vulnerability

Executive Summary ...
Azure Cloud Shell Command Injection Stealing User’s Access Tokens

Cloud Security, FEATURED
Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals. Using the executed code, I accessed the Metadata service attached to the ...
Exploiting Authentication in AWS IAM Authenticator for Kubernetes

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that helps you to create, operate, and maintain Kubernetes clusters. Amazon EKS has several deployment options including AWS cloud and on-premises (Amazon EKS Anywhere). Amazon EKS uses IAM to provide authentication to the cluster through the AWS IAM Authenticator for ...
New Vulnerabilities in Kubernetes NGINX Ingress Controller

Starting in October 2021, NGINX’s Kubernetes Ingress Controller came under siege from security researchers. The opening salvo was CVE-2021-25742, which allowed attackers to gain access to secrets stored across all namespaces in a Kubernetes cluster. Around that time, the Lightspin Security ...
AWS RDS Vulnerability Leads to AWS Internal Service Credentials

Cloud Security, FEATURED
TL;DR: Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension. The internal AWS service was connected to an AWS internal account related to the RDS service. The vulnerability was reported to AWS Security ...
AWS SageMaker Jupyter Notebook Instance Takeover

Cloud Security
During our research into security in data science tools, we decided to look at Amazon SageMaker, a fully managed machine learning service in AWS. Here is the long and short of our recent discovery. TL;DR: We found that an attacker can run any code on a victim’s ...
NGINX Custom Snippets CVE-2021-25742

Cloud Security, FEATURED
Attackers can gain access to secrets across all namespaces. The high-severity alert, known otherwise as CVE-2021-25742, was recently brought to the public’s attention and prompted us to take a deeper dive into what this vulnerability really is and what it means ...