Posts by

The Curious Case of a Kibana Compromise
October 31, 2019
The sun rose, coffee was guzzled, and fingers clicked away at keys, making it a typical day at Capsule8 HQ – until it wasn’t. As the Capsule8 team deployed one of our toy target instances (one with exploitable software on it for demo purposes), we noticed alerts firing from components which weren’t part of our […]
An Infosec Lens on the 2019 State of DevOps Report: What It Means for Us
October 28, 2019
Understanding DevOps trends is essential for infosec professionals. Before you angrily close the tab because you are tired of lectures about the need for infosec to work with DevOps, consider whether the idea of a job focused on strategic, innovative work rather than firefighting and gatekeeping is appealing. If so, then these trends matter for […]
CVE-2019-16928
HELO, Is It Me You’re Exploiting For?
October 1, 2019
Another month, another pre-auth RCE in Exim, an open source mail server for Unix systems. This time, it’s CVE-2019-16928, a heap-based buffer overflow reported this weekend. Why it matters: If you heard about the other Exim bug from mid-September, you probably did the smart thing and patched to the latest version (4.92+). Regrettably, this new […]