Labs Resources

Gaining Persistency on Vulnerable Lambdas

Non-root containers, Kubernetes CVE-2019-11245 and why you should care

Recent Kubernetes vulnerability exposed pprof interface

Privilege Escalation in Cloud Foundry UAA – CVE-2019-11270

Finding a DoS vulnerability in NATS with go-fuzz – CVE-2019-13126

Vulnerabilities in Nexus Repository left thousands of artifacts exposed

SQL injection in Cloud Foundry UAA – CVE-2019-11268

T19 CTF Solution Writeup

Breaking Out of rkt – 3 New Unpatched CVEs

What went wrong under Singularity Runtime – CVE-2019-11328

Falco Vulnerability – CVE-2019-8339

Unpacking Envoy Vulnerabilities (CVE-2019-9900 and CVE-2019-9901) and How it Impacts Istio

Disclosing a directory traversal vulnerability in Kubernetes copy – CVE-2019-1002101

Breaking out of Docker via runC – Explaining CVE-2019-5736

T19 Challenge – Twistlock Lab’s first security challenge summary and solutions

Kubernetes emergency survival: Hotfix patching running pods

Demystifying Kubernetes CVE-2018-1002105 (and a dead simple exploit)

Buffer Overflows in QEMU: Disclosing Four New CVEs

Tracking Down Exposed Kubernetes Instances in the Wild

The state of exposed container applications and registries | Labs research

How to Crash the Linux Kernel with a CDROM Interaction – CVE-2018-11506

Twistlock Protection for Kubernetes Specific Attacks

OpenShift Source-To-Image Vulnerability – CVE-2018-1102

Security Pitfalls in Microsoft Azure Function Apps

CVE-2018-1000142: Jenkins Github Pull Request Builder Vulnerability Explained

Deep dive on the most severe Kubernetes vulnerabilities to date – CVE-2017-1002101 and CVE-2017-1002102

Securing Kubernetes for OpenFaaS and beyond

Dear developers, beware of DNS Rebinding

Blocking Malicious Behavior and Exploits in Containers with Twistlock

Escaping Docker container using waitid() – CVE-2017-5123

Introduction to Serverless Security, Part 1

Hiding content from Git + more on escape sequences | TwistlockLabs Experiment

CVE-2017-16544: A Busybox autocompletion vulnerability

Kubernetes 1.8 In-Depth Review

Recent Dnsmasq Vulnerabilities Explained

CVE-2017-9805: Apache Struts RCE Security Alert

Solving the Vulnerable Docker VM

Secure Deployment of Helm Repositories through Client Side Certificates

Recent Vulnerabilities in RubyGems: Security Alert

Encrypt Secret Data with Kubernetes

CVE-2017-9951 – Heap Overflow in Memcached Server <= 1.4.38 | Twistlock Vulnerability Report

Alpine Linux exploitation (Pt 2 of 2) | Twistlock Security Alert

Jenkins Java Deserialization Unauthenticated Remote Code Execution | Twistlock Security Alert

WordPress 4.7.0/4.7.1 Unauthenticated Content Injection | Twistlock Security Alert

Samba Vulnerability CVE-2017-7494 | Twistlock Security Alert
