November 2021 Edition

Welcome to Nullcon’s Newsletter! With so much going on in the infosec industry, it’s often difficult to keep up with everything. Subscribe to our #MonthlyNewsletter to stay updated with current happenings.


Latest Updates in Cloud Sector


Canary Token as Kubernetes Config File

A beast indeed! Thinkst’s Canary Tokens are used for attack detection and are an excellent way to tripwire crucial servers and locations. With a few clicks they drop legitimate-looking resources on a network that alert the owner when used. A well-placed token is hard for a threat actor to avoid, and it guarantees an alert whenever it is accessed or used. Thinkst keeps expanding its portfolio of free tokens and has recently added a Kubernetes config file as a token type. Kubernetes is the most popular container orchestrator and continues to be adopted widely at a steady pace, even in odd places such as the U.S. Army. The blog digs deeper into the inner workings of the Canary Token.
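To make the mechanism concrete, here is an added toy model of a kubeconfig canary (example code written for this newsletter, not Thinkst’s implementation). It assumes the token is an ordinary-looking kubeconfig whose server URL points at a listener the defender controls and whose bearer token is unique per dropped file; the hostname, the label, the source address and the replayed request are all constructed sample values.

```python
"""Toy model of a kubeconfig canary token.

Added example for this newsletter; it is not Thinkst's implementation.
Assumed mechanism: the kubeconfig's `server` URL points at a listener we run,
and its bearer token is unique per dropped file. Any request presenting that
token means the file was used, so the listener raises an alert (and still
refuses access). Hostnames, labels and request values are constructed.
"""
import secrets
import textwrap
from datetime import datetime, timezone

# In-memory registry: bearer token -> where the canary file was dropped.
REGISTRY: dict = {}


def mint_kubeconfig(label: str, listener_host: str = "canary.example.invalid") -> str:
    """Create a kubeconfig that looks real but points at our listener.

    Each file gets its own bearer token, so an alert identifies exactly which
    dropped file was picked up.
    """
    token = secrets.token_hex(16)
    REGISTRY[token] = {"label": label, "minted": datetime.now(timezone.utc).isoformat()}
    # Minimal but well-formed kubeconfig layout (clusters/contexts/users).
    return textwrap.dedent(f"""\
        apiVersion: v1
        kind: Config
        clusters:
        - name: prod-cluster
          cluster:
            server: https://{listener_host}:6443
        contexts:
        - name: prod
          context:
            cluster: prod-cluster
            user: admin
        current-context: prod
        users:
        - name: admin
          user:
            token: {token}
        """)


def extract_token(kubeconfig: str) -> str:
    """Pull the bearer token back out of a kubeconfig (the value kubectl would send)."""
    for line in kubeconfig.splitlines():
        if line.strip().startswith("token:"):
            return line.split(":", 1)[1].strip()
    raise ValueError("no token in kubeconfig")


def handle_request(method: str, path: str, headers: dict, source_ip: str):
    """Listener side: any request bearing a registered token is an alert.

    Returns (http_status, alert_or_None). kubectl sends
    'Authorization: Bearer <token>' on its discovery calls to the server URL.
    """
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, None  # unauthenticated probe: noise, not a tripwire hit
    token = auth[len("Bearer "):]
    meta = REGISTRY.get(token)
    if meta is None:
        return 401, None  # unknown token: not one of our canaries
    alert = {
        "label": meta["label"],
        "source_ip": source_ip,
        "request": f"{method} {path}",
        "user_agent": headers.get("User-Agent", ""),
    }
    return 401, alert  # still refuse: the canary must never grant access


def simulate():
    """Drop a canary, then replay the kind of request kubectl would make with it."""
    cfg = mint_kubeconfig("build-server-01:/root/.kube/config")
    token = extract_token(cfg)
    # Constructed request, shaped like a kubectl discovery call.
    return handle_request(
        "GET", "/api?timeout=32s",
        {"Authorization": f"Bearer {token}", "User-Agent": "kubectl/v1.22.0"},
        "203.0.113.7",
    )


if __name__ == "__main__":
    print(simulate())
```

The design point is that the listener never has to distinguish an attacker from a curious admin: the file has no legitimate use, so any presentation of its token is the signal, and the 401 keeps the interaction from looking any different from a real cluster rejecting a stale credential.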




Thousands of Secrets Leaked via Public Containers

“If you push a Docker Image to a Docker Hub (user or organization) account without a paid subscription, by default, the image will be publicly accessible.” Docker, now synonymous with containers, lets developers package code, libraries, dependencies and much more so that it runs reliably across many computing platforms. Those containers hold a good amount of information about a company’s infrastructure, and Docker Hub provides free public image repositories to more than 1.6 million unique users. Knowing this, Red Hunt Labs reviewed publicly exposed containers and identified a massive number of leaked secrets. They also explain that the images are so vulnerable mainly because of CVEs in the software packed with the base image.
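A practical defensive counterpart is to scan your own image before it ever reaches a public registry. The following is an added example written for this newsletter (not Red Hunt Labs’ tooling): it reads the archive produced by `docker save`, walks every file in every layer and flags a few well-known secret shapes. Because image layers are additive, a credential deleted in a later layer still sits in the earlier one, which is exactly what a layer-by-layer scan catches. The two-layer sample image it builds is constructed; the AWS key inside it is the documented AWS example value, and the secret patterns are a deliberately small, high-signal set rather than a complete list.

```python
"""Scan a saved container image for leaked secrets before it is pushed.

Added example for this newsletter, not Red Hunt Labs' tooling. It reads the
tarball produced by `docker save image:tag -o image.tar` (an outer tar with
per-layer `layer.tar` members), walks every file in every layer, and flags
content matching a few secret shapes. Layers are additive, so a file removed
in a later layer is still present in the earlier one. The sample image built
by build_sample_image is constructed; its AWS key is AWS's documented example.
"""
import io
import os
import re
import tarfile
import tempfile

# (name, compiled pattern). Deliberately small and high-signal.
PATTERNS = [
    ("aws_access_key_id", re.compile(rb"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key_block", re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("assignment_of_secret", re.compile(rb"(?i)\b(secret|password|token)\s*[=:]\s*\S{8,}")),
]
MAX_BYTES = 1_000_000  # skip large binaries; the secrets of interest live in small text files


def _add_bytes(tar: tarfile.TarFile, name: str, data: bytes) -> None:
    """Add an in-memory file to a tar archive."""
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def scan_layer(layer_name: str, layer_bytes: bytes) -> list:
    """Return findings (layer, path, pattern) for one layer tar."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
        for member in layer.getmembers():
            if not member.isfile() or member.size > MAX_BYTES:
                continue
            data = layer.extractfile(member).read()
            for pname, rx in PATTERNS:
                if rx.search(data):
                    findings.append((layer_name, member.name, pname))
    return findings


def scan_image_tar(path: str) -> list:
    """Walk every layer.tar inside a `docker save` archive."""
    findings = []
    with tarfile.open(path) as image:
        for member in image.getmembers():
            if member.isfile() and member.name.endswith("layer.tar"):
                findings.extend(scan_layer(member.name, image.extractfile(member).read()))
    return findings


def build_sample_image(path: str) -> None:
    """Write a constructed two-layer image: layer 1 leaks, layer 2 'deletes' the file."""
    def layer(files: dict) -> bytes:
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w") as t:
            for name, data in files.items():
                _add_bytes(t, name, data)
        return buf.getvalue()

    layer1 = layer({
        "app/.env": b"AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nDEBUG=true\n",
        "root/.ssh/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n",
        "app/README": b"nothing to see here\n",
    })
    # Overlay whiteout entry: how a later layer records the deletion of app/.env.
    layer2 = layer({"app/.wh..env": b""})
    with tarfile.open(path, mode="w") as image:
        _add_bytes(image, "aaaa/layer.tar", layer1)
        _add_bytes(image, "bbbb/layer.tar", layer2)


def demo() -> list:
    """Build the sample image in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "image.tar")
        build_sample_image(p)
        return scan_image_tar(p)


if __name__ == "__main__":
    for layer_name, fpath, pname in demo():
        print(f"{layer_name}: {fpath}: {pname}")
```

Run it against a real archive with `scan_image_tar("image.tar")` after `docker save`; the findings name the layer, so the offending `RUN` or `COPY` step can be located and the credential rotated, since removing the file in a later layer does not remove it from the image history.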




CI/CD Pipeline: Attack Matrix

When it comes to Continuous Integration (CI) and Continuous Delivery (CD) pipelines, the whole attack surface needs to be considered, and supply chain attacks in particular pose a serious threat. The article explains how to effectively attack and defend a CI/CD pipeline. The initial access stage covers supply chain techniques that target the application libraries, tools and container images used in CI/CD. It then covers the use of a developer’s credentials to access the Git repository service, and the use of SSH (Secure Shell) keys or tokens to access the CI/CD service servers directly. Lastly, it looks at the use of SSH keys or tokens to access the server hosting the Git repository.





Latest Updates in Infrastructure


Industrial Control Systems (ICS) Vulnerability Research Around DDS

Federico Maggi and his fellow researchers studied the default communication middleware underlying Robot Operating System (ROS) 2: OMG’s Data Distribution Service (DDS) and its most popular implementations. They found every DDS implementation vulnerable to various attacks and demonstrated how ROS 2 systems can be compromised easily because of the insecurities detected at that layer.




Randori or Palo Alto Networks Zero-Day

A major debate around the ethics of hoarding or stockpiling zero-day vulnerabilities: should it be done or not? Palo Alto Networks (PAN) released an update patching CVE-2021-3064, a vulnerability discovered earlier by Randori that affects PAN firewalls using the GlobalProtect Portal VPN and allows unauthenticated remote code execution on vulnerable installations of the product. The problem affects various versions of PAN-OS 8.1 prior to 8.1.17, and Randori found a number of vulnerable instances exposed on internet-facing assets. This article caused a lot of debate and confusion, as Palo Alto kept the bug to themselves and disclosed it much later. Katie M did a follow-up discussion with Randori to shed some light on it.




Microsoft Exchange RCE Bug Released by Exploit is Now Patched

Successful exploitation of CVE-2021-42321 lets authenticated threat actors execute code remotely on vulnerable Exchange Server 2016 and 2019 (including servers used by customers in Exchange Hybrid mode). Microsoft patched the security bug; however, two weeks later researcher Janggggg published a proof-of-concept exploit for this post-authentication Remote Code Execution (RCE) bug. With this vulnerability it is possible to target more than a quarter of a million Microsoft Exchange servers belonging to tens of thousands of organizations around the world. The US and its allies, including the EU, the UK and NATO, officially blamed China for the widespread Microsoft Exchange hacking attacks. The same Exchange server deserialization bug was also used at Tianfu Cup 2021.





Latest Updates in Web Application


IETF Plans: Convert the Previous Private Network to Allocatable IP Range

It is crucial to conserve IP address space on the internet, so it makes sense to consider where relatively minor changes to fielded practice can improve numbering efficiency. One such change proposed in the article is to allow unicast use of the more than 16 million historically reserved addresses in the middle of the IPv4 address space. This can have a big impact, as everyone assumes 127.0.0.0/8 is fully private, which would no longer be the case. Lots of tooling, iptables rules and the like will run into trouble.




Minimum Baseline for Secure Product

Minimum Viable Secure Product is a lightweight security checklist for B2B software and business process outsourcing suppliers. Designed with simplicity in mind, the checklist contains only those controls that must, at a minimum, be implemented to guarantee a reasonable security posture. Highly recommended to all organizations building B2B software or otherwise handling sensitive data.





Must-Know November Articles


Defenders Mindset

A collection of thoughts, quotes, tweets and more to understand the difference between an infosec professional and an attacker. For instance, the attacker seeks to turn illegitimate access into legitimate access. Malware and exploits may play some part in their toolkit; however, threat actors are just IT people with different goals.




Legal Cost Calculation that can put an ROI on Security Spends

The legal costs following a data breach are frequently far higher than anticipated, yet they are mostly understood only in terms of settlements. Settlements get the headlines, but they don’t paint the entire picture of the damages worth avoiding. A data breach can’t have a significant litigation cost if nobody files a case against you, but a medium-profile class action can generate million-dollar costs just from the consolidation of claims into a single action. The article explains the legal cost calculation around data breaches well.







About the Expert

Author

Anant Shrivastava

Anant Shrivastava is an information security professional with 12+ years of corporate experience and expertise in Network, Mobile, Application and Linux Security. During his career he has been a speaker and a trainer at various international conferences (Black Hat USA, ASIA and EU, Nullcon, c0c0n, and many more). Anant also leads open source projects such as Android Tamer and CodeVigilant. In his free time he likes to participate in open communities aimed at spreading information security knowledge, such as null (null.community). His work can be found at anantshri.info