Kevin Gimbel – DevOps, Photography, Games

Tag: Security

  • Oh no my gpg key expired (like every year)

    by

    Kevin
    in ,

    Who doesn’t love encryption and security? I like to sign my git commits, and for this I need PGP keys. They are cool when they work and you don’t need to think about them, but every now and then they need to be renewed (unless you use never expiring keys which of course you shouldn’t!).…

  • What we should learn from the xz backdoor

    by

    Kevin
    in

    You may have heard that a vulnerability was found in the xz tool and liblzma library on Friday, 29th of March 2024 which specifically targeted sshd being managed by systemd on Debian and RedHat Linux systems. What happened The catastrophic scope of the attack At first the backdoor seems very odd. xz is a compression…

  • RE: Hacking Terraform State for Privilege Escalation

    by

    Kevin
    in

    An interesting attack vector which uses empty terraform providers and a modified state file to execute code! There’s lots to be excited about as a red teamer and scared of as a blue teamer, but at the top of the list is that the attack does not require a “terraform apply”. Even if the human reviewing…