Category: Web Exploitation

Dupe Key Injector: new XML signature bypass technique

Dupe Key Injector is a Burp Suite extension implementing Dupe Key Confusion, a new XML signature bypass technique presented in the BSides/BlackHat/DEFCON 2019 presentation “SSO Wars: The Token Menace”. Dupe Key Confusion...

Kubolt: scanning public Kubernetes clusters

Kubolt is a simple utility for scanning public unauthenticated Kubernetes clusters and running commands inside containers. Why? Sometimes, the kubelet port 10250 is open to unauthorized access and makes it possible to run commands...