R00tedsec

New post, let's dive into deploying your own k3s cluster to host your development environment with security measures in place. 🔒 Secure K3s At Home I: How to deploy your own k3s! 🚧 r00tedsec.es/p/k3s-at-home-…

🚨❗️Nueva charla confirmada❗🚨 Iván García Lozano y Alejandro Bermejo Pérez (@R00tedSec) nos hablarán sobre redes 5G, nuevos vectores de ataque y cómo un honeypot puede convertirse en una herramienta clave para la caza de amenazas e inteligencia de seguridad. 📶🎯

Easy way to mitigate the risks: 1. Harden your SSH and security with fail2ban if you're on a VPS (very important). 2. Don't use reverse proxies, use tailscale instead. 3. Run on your own hardware locally - more secure. 4. Have clawdbot invite you to calendar events, don't just GIVE IT your calendar. 5. Compartmentalize access to everything. 6. Install local models for super simple tasks, and learn how to use "merge" so clawdbot can automatically switch between models to control token usage and costs. 7. Install top skills at clawdhub.com (most are optimized for MacOS, btw) and learn how they work. 8. Train clawdbot to use logseq.com so you can have a visual on all the changes it's making across the system. Knowledge is power.

Our Docker images had 847 vulnerabilities. All from the base image. We were using ubuntu:latest. The fix: - Switched to distroless images - Reduced image size from 420MB to 28MB - Vulnerabilities dropped to 3 - Container startup time improved by 60% Then discovered our CI/CD was pulling images without verification. Added: - Image signing with Cosign - Vulnerability scanning in pipeline - Admission controller to block unsigned images Security and performance often align. Smaller surface area equals fewer problems.

Your Docker containers are slow, bloated, and vulnerable. And you’re probably making the same mistakes 90% of engineers make in production. Take my advice and please • Don’t use “latest” tags, instead use specific versions like node:18.17-alpine • Don’t build single-stage fat images; instead, use multi-stage builds to get 50MB images instead of 800MB • Don’t run containers as root, instead, create a non-root user for security • Don’t copy everything with COPY . ., instead use .dockerignore and specific COPY commands • Don’t let containers use unlimited resources, instead set proper memory and CPU limits • Don’t deploy without health checks, instead add HEALTHCHECK commands so Kubernetes knows your app works • Don’t create 20 separate RUN layers, instead combine commands with && to minimize layers • Don’t skip security scanning, instead use docker scan or Trivy in your CI/CD pipeline • Don’t use full OS images for simple apps, instead use scratch or distroless base images • Don’t write logs to files inside containers; instead, log to stdout/stderr and let orchestrators handle collection These practices make the difference between hobby projects and production systems. Your containers should be fast, secure, and predictable. Not slow, vulnerable time bombs.

5GHOUL: Unleashing Chaos on 5G Edge Devices via Stateful Multi-layer Fuzzing asset-group.github.io/papers/5Ghoul.…

The SCTP protocol on Linux provides a reliable and stealthy way to access Linux. In this thread I'm going to demonstrate a simple SCTP backdoor and how it can be missed by security teams. Then I'll show you how to look for this kind of activity.

It's a shame too. Blue Team is infinitely more interesting. I have deep respect and admiration for people who do DFIR, SOC, and DEVSECOPS, etc. I've learned more from defensive approaches than I have offensive. Blue Team just isn't as "flashy".

🚨 A 10-year-old flaw (CVE-2025-49113 / CVSS 9.9) in Roundcube Webmail could let hackers take over your system. Nation-state groups like APT28 have already exploited Roundcube before. 🔗 Read: thehackernews.com/2025/06/critic… 🔧 Patch to 1.6.11 or 1.5.10 LTS now. 📌 PoC coming soon.

Exposing the flaw in our phone system youtu.be/wVyu7NB7W6Y?si…

> critical 9.9 cvss "unauthenticated" rce on linux!!!! > look inside > requires local network access, user interaction, and non-default configuration

There are two kinds of people at Microsoft. The guy who found that SSH was taking a few extra milliseconds to connect and was insistent on knowing why. And the person who has decided the Microsoft Mac RDP client will be rebranded to “Windows App”

En 2017, con 3,7 MB de código, WannaCry bloqueó 300.000 ordenadores en 48 horas. En 2024, 40 KB de un archivo de configuración defectuoso bloqueó 8,1 millones de ordenadores en 1,5 horas. Aunque es comparar peras con manzanas, ilustra los peligros del monocultivo #Windows.

How to fix the Crowdstrike thing: 1. Boot Windows into safe mode 2. Go to C:\Windows\System32\drivers\CrowdStrike 3. Delete C-00000291*.sys 4. Repeat for every host in your enterprise network including remote workers 5. If you're using BitLocker jump off a bridge

5️⃣ IDEAS para la transformación digital de España 💡 Yo no sé de política, pero he hecho toda mi carrera profesional en la tecnología. Incluyendo fundar, desarrollar y vender una empresa tecnológica. Aquí van mis propuestas para mejorar nuestro país. 🧵👇

🚨 A critical OpenSSH flaw (CVE-2024-6387) allows unauthenticated remote code execution on glibc-based Linux systems. 14 million servers at risk. thehackernews.com/2024/07/new-op… Apply the latest patches now!

Acompañadme en este pequeño hilo que cubre el drama de hoy 🧵⬇️ La historia empieza con Jia Tan (JiaT75 en github), un maintainer de xz (librería de compresión que se usa en monton de sitios).

Just dropped a blog on mastering web crawling with Katana for security audits! 🕷️ From Firefox setup to deep diving with advanced flags, learn the secrets to uncovering hidden vulnerabilities. Check it out! ✨ #infosec #CyberSecurity #Hacking kayssel.com/post/hacking-w…

In the last post, we covered how to deploy your own k3s cluster.👨‍💻 Now, let's take a deep dive into Kubernetes to understand how it works. From Zero To Hero I: What is kubernetes and how it works 🏛️ r00tedsec.es/p/from-zero-to…