Matthias Luft
@uchi-mata.bsky.social
Infosec Enthusiast & Practitioner. Opinions are my own. Pentest→Research→Leading→Security Engineering. Love Martial Arts, Outdoors, Dogs.

infosec.exchange/@uchi_mata

www.rational-security.io
#NoKings in Munich, Germany.
June 14, 2025 at 7:51 PM
Not from the US, but is that this “why did the chicken cross the road” thing?
i’m here you fuckaas bitch
May 29, 2025 at 6:19 AM
Reposted by Matthias Luft
Well well well...
It's all starting to make sense now!
May 28, 2025 at 6:39 PM
#TACO started by @megancnbc.bsky.social - and she has way too few followers for that, let’s change that.
May 29, 2025 at 6:12 AM
Reposted by Matthias Luft
TACO.
May 29, 2025 at 2:20 AM
Reposted by Matthias Luft
If you read the post about O3 finding a SMB bug in the Linux Kernel, I did a few tests and what I suspected looks true: Gemini 2.5 PRO can more easily identify the vulnerability. My success rate is so high that running the following prompt a few times is enough: gist.github.com/antirez/8b76...
linux_smb_vunlerability_prompt.txt
May 25, 2025 at 10:06 AM
Reposted by Matthias Luft
It’s funny that you can go through 20 years of schooling without ever seeing the idea that writing is a tool for thinking.
May 20, 2025 at 2:31 PM
Reposted by Matthias Luft
YES!
May 3, 2025 at 2:37 AM
Reposted by Matthias Luft
Most companies are getting AI implementation wrong.

They’re focused on using it to *replace* humans rather than *enhance* humans.

The ones that recognize this now will gain a massive lead in this race.
April 28, 2025 at 2:44 PM
Reposted by Matthias Luft
I wrote up some more information on the differences between adding SYS_ADMIN and CAP_SYS_ADMIN to pods in Kubernetes. It highlights some new things I learned about how the CRI you use can affect how pods are run. raesene.github.io/blog/2025/04...
Cap or no cap
April 23, 2025 at 10:43 AM
Reposted by Matthias Luft
Trustworthy and Responsible AI....it's a real thing!

www.youtube.com/watch?v=fhcY...
Staying Ahead of AI Policy and Governance with a Global Framework
YouTube video by World Wide Technology
April 10, 2025 at 12:21 PM
I didn't even think about this yet, but linting file- and directory names in project structures makes a lot of sense - and there is of course a tool for it:

ls-lint.org
ls-lint
An extremely fast file and directory name linter - Bring some structure to your project filesystem
April 10, 2025 at 7:39 AM
Alright AKS, pick a lane:

Kubenet: Pods receive IP from an overlay network. Retires March 2028

Azure CNI Standard: Pods receive IP from VNET

Azure CNI Overlay: Pods receive IP from an overlay network.
April 2, 2025 at 9:00 AM
Great article on using GitHub as a workflow platform:

github.blog/engineering/...

Can absolutely recommend for security workflows and management as well!
IssueOps: Automate CI/CD (and more!) with GitHub Issues and Actions
A look into building IssueOps workflows on GitHub to do everything from CI/CD to handling approvals and more.
April 1, 2025 at 1:00 PM
Reposted by Matthias Luft
March 30, 2025 at 2:25 AM
Great #IngressNightmare CVE-2025-1974 write-up:
securitylabs.datadoghq.com/articles/ing...

Key point missing from many other sources: Exploitation from Internet is non-default and unlikely, but privilege escalation within cluster is by default possible.
The 'IngressNightmare' vulnerabilities in the Kubernetes Ingress NGINX Controller: Overview, detection, and remediation | Datadog Security Labs
Learn how the Kubernetes Ingress NGINX Controller vulnerabilities work, how to detect and remediate them.
March 26, 2025 at 11:09 AM
Reposted by Matthias Luft
Last week we launched a free webapp that shows the tens of thousands of UK companies whose ownership is being hidden, in most cases unlawfully.

It's now easier to use, faster, and has way more features. Quick thread.
March 24, 2025 at 9:34 AM
Reposted by Matthias Luft
TIL that because the FFmpeg project has gained so much experience in hand-writing assembly code to provide huge speedups, they now are putting together a series of lessons for learning assembly:

Vibe coding is fun and all, but this is probably a better use of time!

github.com/FFmpeg/asm-l...
GitHub - FFmpeg/asm-lessons: FFMPEG Assembly Language Lessons
March 24, 2025 at 6:24 AM
Wow, GitHub not supporting IPv6 for Webhooks:

docs.github.com/en/webhooks/...
About webhooks - GitHub Docs
Webhooks provide a way for notifications to be delivered to an external web server whenever certain events occur on GitHub.
March 18, 2025 at 7:02 AM
Reposted by Matthias Luft
In an effort to bring here what little of value is still on the birdsite, allow me to present some absolutely bonkers corporate espionage, in which Deel's execs had a spy at rival Rippling. The complaint is a gripping must-read! rippling2.imgix.net/Complaint.pdf
March 17, 2025 at 7:19 PM
I updated my #Kubernetes resource exhaustion testing tool to include inode exhaustion:
github.com/uchi-mata/do...
GitHub - uchi-mata/dostainer
March 11, 2025 at 7:52 AM
Reposted by Matthias Luft
February 26, 2025 at 2:19 AM