Jason Trost jatrost
bgeesaman
/ CVE-2019-11253-poc.sh
Last active
December 29, 2022 14:25
CVE-2019-11253 Kubernetes API Server YAML Parsing Remote Denial of Service PoC aka "Billion Laughs"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # CVE-2019-11253 | |
| # https://github.com/kubernetes/kubernetes/issues/83253 | |
| # Shout out: @raesene for poc collab, @iancoldwater + @mauilion for | |
| # HONKing inspiration and other guidance. | |
| # Description: In Kubernetes 1.13 and below, the default configuration | |
| # is that system:anonymous can request a selfsubjectaccessreview | |
| # via mechanisms such as "kubectl auth can-i". This request can | |
| # include POSTed YAML, and just the act of trying to parse it causes |
nasbench
/ pwsh_dirty_words.yml
Last active
January 10, 2024 13:58
List of suspicious strings used by PowerShell `SuspiciousContentChecker` function
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Source: System.Management.Automation.dll | |
| # This list is used to determin if a ScriptBlock contains potential suspicious content | |
| # If a match is found an automatic 4104 with a "warning" level is generated. | |
| # https://github.com/PowerShell/PowerShell/blob/master/src/System.Management.Automation/engine/runtime/CompiledScriptBlock.cs | |
| - "Add-Type" | |
| - "AddSecurityPackage" | |
| - "AdjustTokenPrivileges" | |
| - "AllocHGlobal" | |
| - "BindingFlags" | |
| - "Bypass" |
OlderNewer