XZ incident

Understanding the New CVE-2024-3094: What You Need to Know

By: Panoptica Security Research Team
Apr 9, 2024

CVE-2024-3094, also known as the XZ vulnerability, was announced on March 29, 2024. The vulnerability was assigned the highest severity level, with a CVSS score of 10, indicating a critical risk and possibly allowing, under some conditions, unauthorized access to the entire system via SSH authentication on various Linux distributions. The vulnerability originated from a supply chain compromise and impacts the most recent versions (v5.6.0 and…

AWS_Blog

AWS ECR Public Vulnerability

By: Gafnit Amiga
Dec 13, 2022

Executive Summary: I discovered a critical AWS Elastic Container Registry Public (ECR Public) vulnerability that allowed external actors to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS Accounts, by abusing undocumented internal ECR Public API actions. Prior to mitigation, this vulnerability could have potentially led to denial of service, data exfiltration, lateral movement, privilege…

Azure Cloud Shell

Azure Cloud Shell Command Injection Stealing User’s Access Tokens

By: Gafnit Amiga
Sep 20, 2022

Azure Cloud Shell is an interactive, authenticated, browser-accessible shell for managing Azure resources. This post describes how I took over an Azure Cloud Shell trusted domain and leveraged it to inject and execute commands in other users’ terminals. Using the executed code, I accessed the Metadata service attached to the terminal and obtained the user’s access token. This access token provides an attacker the Azure permissions…

AWS IAM Authenticator

Exploiting Authentication in AWS IAM Authenticator for Kubernetes

By: Gafnit Amiga
Jul 11, 2022

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that helps you to create, operate, and maintain Kubernetes clusters. Amazon EKS has several deployment options including AWS cloud and on-premises (Amazon EKS Anywhere). Amazon EKS uses IAM to provide authentication to the cluster through the AWS IAM Authenticator for Kubernetes. AWS IAM Authenticator is a component located inside your Kubernetes cluster’s control plane that enables…

Kubernetes NGINX

New Vulnerabilities in Kubernetes NGINX Ingress Controller

By: Gafnit Amiga
Jul 6, 2022

Starting in October 2021, the NGINX Kubernetes Ingress Controller came under siege from security researchers. The opening salvo was delivered in the form of CVE-2021-25742, which allowed attackers to gain access to secrets stored across all namespaces in a Kubernetes cluster. Around that time, the Panoptica Security Research & Development Team published a blog explaining the vulnerability and the potential impact of active exploitation, and provided Blue…

AWS RDS Vulnerability

AWS RDS Vulnerability Leads to AWS Internal Service Credentials

By: Gafnit Amiga
Apr 11, 2022

TL;DR: Panoptica's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension. The internal AWS service was connected to an AWS internal account related to the RDS service. The vulnerability was reported to the AWS Security team, who right afterward applied an initial patch limited only to the recent RDS and…

Amazon Redshift

Amazon Redshift – COPY The Risk

By: Dana Tsymberg
Mar 30, 2022

TL;DR: Amazon Redshift is a fully managed petabyte-scale data warehouse service in the cloud, designed specifically for online analytics processing (OLAP) and business intelligence (BI) applications, which require complex queries against large datasets. Redshift is a powerful service, integrated with many data sources, some of which might include sensitive information. Therefore, it is important to understand the connections between the services and the potential…