Analysis of Crypto used by AppVeyor Secure Variables
We recently investigated AppVeyor’s “secure variables” (aka “Encrypt YAML”) feature. We wanted to understand the crypto and algorithms it uses (which is not documen ...
Read MoreSearch
Manipulating Signed Docker Images
Docker Content Trust (DCT) is Docker’s mechanism for code signing. Developers can sign images they create and people using these images can verify if they have b ...
Read Moredocker/kubectl exec did not respect no-new-privileges and allowPrivilegeEscalation
TL;DR: There was a bug in docker, which made docker exec not respect the no-new-privileges security option. This issue also impacted the ...
Read More