Blog

Insight, analysis and news from 4ARMED's application and cloud security specialists

Kubernetes
Kubeletmein - A tool for abusing kubelet credentials

Kubeletmein is a simple tool to exploit cloud provider kubelet TLS bootstrapping techniques and escalate privileges within a Kubernetes cluster.

Kubernetes
Hacking Kubelet on Google Kubernetes Engine

The kubelet is a critical security boundary in Kubernetes, and any successful attack against this component is likely to lead to a wider cluster com...

Vulnerabilities
XXE Vulnerability in Excel Streaming Reader Java Library

The Java library Excel Streaming Reader was found to be vulnerable to XML External Entity attacks during a recent penetration test we performed for...

Vulnerabilities
Exploiting XXE with Excel

XML External Entity attacks are very common, particularly through HTTP-based APIs, and we regularly encounter and exploit them, often gaining very p...