Summary In part 1 of this blog series, we discussed how reflective code loading using anonymous files works in Linux. In this blog, We will dive deeper into how to detect and respond to such behavior. We will also discuss legitimate usage of the anonymous file. This blog is co-authored…

Background Recently, a few vulnerabilities in Azure (named: OMIGOD) were discovered by Wiz’s research team: CVE-2021–38647 — Unauthenticated RCE as root (Severity: 9.8) CVE-2021–38648 — Privilege Escalation vulnerability (Severity: 7.8) CVE-2021–38645 — Privilege Escalation vulnerability (Severity: 7.8) CVE-2021–38649 — Privilege Escalation vulnerability (Severity: 7.0) These vulnerabilities exist in the ubiquitous software…

Introduction The simplicity and flexibility of microservice architecture has led to an increasing adoption of containers and kubernetes in the cloud. According to Gartner, more than 75% of global organizations will be running containerized apps in production by 2022. As the adoption increases, threat actors are evolving their toolsets to compromise…

A heap overflow vulnerability in sudo was recently discovered (CVE-2021-3156, named: Baron Samedit). By exploiting this vulnerability, any unprivileged user can use the default sudo configuration to obtain root privileges (no password required) on the vulnerable host. Interestingly, the sudo privilege escalation vulnerability remained undiscovered for nearly ten years. It…