Skip to content

Instantly share code, notes, and snippets.

Avatar
🧄
Working on grlx

Tai Groot taigrr

🧄
Working on grlx
View GitHub Profile
@taigrr
taigrr / Megathread.md
Last active June 3, 2020 00:04
salt-store-miner megathread copypasta
View Megathread.md

SaltStack CVE-2020-11651 and CVE-2020-11652 Attack

Pre-Update

May 5, 7:00PM PST:

If you are reading this for the first time now, you will now need to nuke and destroy any system paired (e.g. minions) to an exploitable salt master. You should also create a new salt master. I recommend creating a backup first for forensics, but do not plan on ever reusing these systems. Information on how to tell if you could be affected is available below.

View gist:ff96f3ae9cd9a7bcc592621b796e9c27
### Keybase proof
I hereby claim:
* I am taigrr on github.
* I am taigrr (https://keybase.io/taigrr) on keybase.
* I have a public key ASAXXeUAA5yDNZvfPfNDA54ovS-LAkP-ctMehvqpyWVrnAo
To claim this, I am signing this object: