Showing Posts From
January 2019
- 23 Jan 2019
What the Fuzz
Fuzzing is an automated software testing technique that generates random inputs to identify potential vulnerabilities in programs. The article explores fuzzing fundamentals, including its architecture, different approaches like dumb and smart fuzzing, and a selection of fuzzing tools and recent research. The goal is to provide an overview of fuzzing techniques and their potential for discovering software bugs.
-
Tinus Green - 17 Jan 2019
CAPTCHA-22: Breaking Text-Based CAPTCHAs with Machine Learning
A machine learning technique was developed to break text-based CAPTCHAs using an Attention-based OCR model. By manually labeling training data from a large dataset of CAPTCHA images, near-perfect accuracy was achieved in solving various CAPTCHA implementations. The study demonstrated how machine learning can effectively bypass traditional text-based CAPTCHA systems with minimal computational resources.
- Alex Kaskasoli
- 11 Jan 2019
Attacking Kubernetes through Kubelet
A method of attacking Kubernetes clusters by exploiting the default kubelet configuration is detailed in this article. The vulnerability allows anonymous authentication to the kubelet API, enabling attackers to list pods, execute commands in containers, and potentially obtain service account tokens. These tokens can be used to access the kube-apiserver and gain deeper access to the Kubernetes cluster.