IntroductionThe attacker's perspective on K8S cluster security (Part 1) summarizes the attack methods on K8S components, node external services, business pods, and container escape methods in the K8S cluster, corresponding to attack points. This article will continue to introduce attack points ..

PrefaceThe current popularity of Java security can be said to be a must-know for the red team. I once fell into the beginning of learning Java security - learning CC chain - giving up - starting to learn Java again The vicious circle of safety is like memorizing words and always stops at abandon. Fi..

Hey everyone, This is a blog related to my recent CVE on ServiceNow.It was found while testing a bug bounty program that was using ServiceNow and their in-scope domain was ‘redacted.service-now.com’. I searched the ServiceNow exploits on google and found that the domain was vulnerable to CVE-2019-20..

IntroductionAs a representative of cloud-native management and orchestration systems, Kubernetes (K8S for short) is receiving more and more attention. A report [1] shows that 96% of organizations are using or evaluating K8S, and its market share in production environments is Visible.The functions of..