Tech details about an elevation-of-privilege flaw in Microsoft's Diagnostics Hub service.
github.com/irsl/microsoft…
CVE-2021-28321 CVE-2021-28322 CVE-2021-28323
A yet-unfixed flaw affecting virtual machines hosted in the Compute Engine platform of Google: abusing the DHCP protocol allows taking over hosts (getting a root shell) remotely. github.com/irsl/gcp-dhcp-…
#Google #GCP
Golang's TLS client implementation had been vulnerable to a denial-of-service flaw since the very beginning (including 1.0!). The victim golang client apps, when connecting to an attacker-controlled TLS server (e.g. https), may crash (panic).
github.com/alexzorin/cve-…
Write-up about the first batch of findings I reported to the GitHub bug bounty program:
irsl.medium.com/github-bug-bou…
One flaw in GitHub Actions and a couple in GitHub CLI. The next article will be about GitHub Enterprise Server :)