RAMming Down Hype via Intel CSME

Recently, security researchers found new vectors of exploiting a vulnerability in Intel CSME, CVE-2019-0090, affecting all Intel chips other than Generation 10 (Ice Lake). The researchers haven’t released exploitation details …

Container Security – Nobody Knows What It Means But It’s Provocative

The current understanding of “container security” as a term and market is muddled, especially given containers are used by different teams in different contexts. It could mean scanning image repositories …

A Cloudy Forecast for ICS: Recap of S4x20

Photo credit: @montaelkins – Kelly Shortridge Keynote at S4x20

Last week, I keynoted S4x20, the biggest industrial control systems (ICS) security conference in the world, and was able to catch …

What is the Linux Auditing System (aka AuditD)?

The Linux Auditing System is a native feature to the Linux kernel that collects certain types of system activity to facilitate incident investigation. In this post, we will cover what …

An Infosec Lens on the 2019 State of DevOps Report: What It Means for Us

Understanding DevOps trends is essential for infosec professionals. Before you angrily close the tab because you are tired of lectures about the need for infosec to work with DevOps, consider …

HELO, Is It Me You’re Exploiting For?

Another month, another pre-auth RCE in Exim, an open source mail server for Unix systems. This time, it’s CVE-2019-16928, a heap-based buffer overflow reported this weekend. Why it matters: If …

How Capsule8 Approaches Linux Monitoring

We at Capsule8 have put a lot of thought into our product by thinking about what would make us most mad as hackers if we encountered it while attacking an …

(Back) Slasher: RCE Horrors in Exim

Last week, a buffer overflow vuln, deemed CVE-2019-15846, was announced in Exim that allowed remote code execution (RCE) via a trailing backslash, perhaps like a blade-wielding ghost stalking you after …

Off to the PTraces

Yesterday, a privilege escalation bug in the ptrace syscall was made public by Jann Horn at Project Zero, deemed CVE-2019-13272. The culprit was broken permission and object lifetime handling by …