The Underground ransomware gang is launching continuous ransomware attacks against companies in various countries and industries, including South Korea. This post describes the analysis and characteristics of the Underground ransomware. 1. Overview 1.1 Team Underground The ransomware strain operated by the group known as Underground was first identified in early July 2023. Afterward, their […]| ASEC
Okta goes passwordless by making password checking... optional.| authentik Blog
Builder is a neat box focused on a recent Jenkins vulnerability, CVE-2024-23897. It allows for partial file read and can lead to remote code execution. I’ll show how to exploit the vulnerability, explore methods to get the most of a file possible, find a password hash for the admin user and crack it to get access to Jenkins. From in Jenkins, I’ll find a saved SSH key and show three paths to recover it. First, dumping an encrypted version from the admin panel. Second, using it to SSH into ...| 0xdf hacks stuff
Published on| offsec.almond.consulting