Imre RadSneaky write hook: git clone to root on k8s nodeKubernetes supports the concept of volumes (aka storage drivers). This concept makes it possible to extend or facilitate providing data to…Jul 8Jul 8
Imre RadGitHub Enterprise Server vulnsThis is the follow up of my previous write up titled GitHub Bug bounty experiences: actions and CLI. I kept looking for GitHub…Feb 16Feb 16
Imre RadGithub bug bounty experiences — Actions and CLIGithub bug bounty program has celebrated its 9th birth day recently and I decided to try myself in that space.Sep 7, 2023Sep 7, 2023
Imre RadDVB-D (DVB over DLNA)Disclaimer: the project I’m outlining here, is highly experimental —kind of a PoC. Also, DVB-D is not a consortium standard for broadcast…Apr 13, 2023Apr 13, 2023
Imre RadClipboard hazard with Google SheetsThis is an advisory about an interesting attack vector against Google Sheets that abuses embedded Sheets documents to exfiltrate content…Mar 25, 2022Mar 25, 2022
Imre RadThe Speckle Umbrella story — part 2Back then in January, I reported a vulnerability to Google that let me spawn a remote shell on Cloud SQL instances, both MySQL and…Oct 18, 2021Oct 18, 2021
Imre RadGoogle Cloud Build — under the hoodThis story began shortly after I published an advisory about a DHCP related flaw that affected Google’s Compute Engine. Dávid Schütz…Sep 1, 2021Sep 1, 2021
Imre RadThe Nomulus riftIn the middle of 2020, I decided to look for vulnerabilities in some open source products of Google. They have many such projects, a public…Aug 24, 2021Aug 24, 2021
Imre RadDropping a shell in Google’s Cloud SQL (the speckle-umbrella story)IntroFeb 16, 2021Feb 16, 2021