Analysis of Crypto used by AppVeyor Secure Variables
We recently investigated AppVeyor’s “secure variables” (aka “Encrypt YAML”) feature. We wanted to understand the crypto and algorithms it uses (which is not documen ...
Read MoreSearch
Manipulating Signed Docker Images
Docker Content Trust (DCT) is Docker’s mechanism for code signing. Developers can sign images they create and people using these images can verify if they have b ...
Read MoreCitrix NetScaler CVE-2019-19781
Vulnerability CVE-2019-19781 in Citrix NetScaler has been a pain for organizations' IT departments for the last two weeks and it still keeps us busy supporting our ...
Read MoreKubernetes RBAC Security Pitfalls
My previous blogpost covered the basics of the Kubernetes Role-Based Access control (RBAC) module. Here, I want to provide some common mistakes and vulnerabilities ...
Read More