diff --git a/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md b/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md index 83fa1f7e15..b9b7a2152f 100644 --- a/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md +++ b/src/pentesting-ci-cd/github-security/abusing-github-actions/README.md @@ -508,7 +508,7 @@ An example can be find in the following expandable:
-Github Action Build & Push Docker Image +Github Action Build & Push Docker Image ```yaml [...] diff --git a/src/pentesting-ci-cd/vercel-security.md b/src/pentesting-ci-cd/vercel-security.md index e207a0da39..cb7492f759 100644 --- a/src/pentesting-ci-cd/vercel-security.md +++ b/src/pentesting-ci-cd/vercel-security.md @@ -20,7 +20,7 @@ For a hardening review of **Vercel** you need to ask for a user with **Viewer ro - **Misconfiguration:** Allows to transfer the project to another team - **Risk:** An attacker could steal the project - **Delete Project** - - **Misconfiguration:** Allows to delete the project + - **Misconfiguration:** Allows to delete the project - **Risk:** Delete the prject --- @@ -287,7 +287,7 @@ For a hardening review of **Vercel** you need to ask for a user with **Viewer ro - **Misconfiguration:** Allows to transfer all the projects to another team - **Risk:** An attacker could steal the projects - **Delete Project** - - **Misconfiguration:** Allows to delete the team with all the projects + - **Misconfiguration:** Allows to delete the team with all the projects - **Risk:** Delete the projects --- @@ -344,7 +344,7 @@ An **Access Group** in Vercel is a collection of projects and team members with #### Security Configurations: - **Team Email Domain:** When configured, this setting automatically invites Vercel Personal Accounts with email addresses ending in the specified domain (e.g., `mydomain.com`) to join your team upon signup and on the dashboard. - - **Misconfiguration:** + - **Misconfiguration:** - Specifying the wrong email domain or a misspelled domain in the Team Email Domain setting. - Using a common email domain (e.g., `gmail.com`, `hotmail.com`) instead of a company-specific domain. - **Risks:** diff --git a/src/pentesting-cloud/aws-security/aws-basic-information/README.md b/src/pentesting-cloud/aws-security/aws-basic-information/README.md index 02e6e77297..201d1cad39 100644 --- a/src/pentesting-cloud/aws-security/aws-basic-information/README.md +++ b/src/pentesting-cloud/aws-security/aws-basic-information/README.md @@ -118,7 +118,7 @@ Users can have **MFA enabled to login** through the console. API tokens of MFA e - **Secret access key ID**: 40 random upper and lowercase characters: S836fh/J73yHSb64Ag3Rkdi/jaD6sPl6/antFtU (It's not possible to retrieve lost secret access key IDs). Whenever you need to **change the Access Key** this is the process you should follow:\ -&#xNAN;_Create a new access key -> Apply the new key to system/application -> mark original one as inactive -> Test and verify new access key is working -> Delete old access key_ +_Create a new access key -> Apply the new key to system/application -> mark original one as inactive -> Test and verify new access key is working -> Delete old access key_ ### MFA - Multi Factor Authentication diff --git a/src/pentesting-cloud/aws-security/aws-persistence/aws-sts-persistence.md b/src/pentesting-cloud/aws-security/aws-persistence/aws-sts-persistence.md index 74db04bec0..b16516ea16 100644 --- a/src/pentesting-cloud/aws-security/aws-persistence/aws-sts-persistence.md +++ b/src/pentesting-cloud/aws-security/aws-persistence/aws-sts-persistence.md @@ -18,8 +18,8 @@ Temporary tokens cannot be listed, so maintaining an active temporary token is a # With MFA aws sts get-session-token \ - --serial-number <mfa-device-name> \ - --token-code <code-from-token> + --serial-number \ + --token-code # Hardware device name is usually the number from the back of the device, such as GAHT12345678 # SMS device name is the ARN in AWS, such as arn:aws:iam::123456789012:sms-mfa/username diff --git a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc.md b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc.md index d1337948f2..b5cb2fbde1 100644 --- a/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc.md +++ b/src/pentesting-cloud/aws-security/aws-privilege-escalation/aws-sagemaker-privesc.md @@ -105,7 +105,7 @@ curl "http://169.254.170.2$AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" ### `sagemaker:CreateHyperParameterTuningJob`, `iam:PassRole` An attacker with those permissions will (potentially) be able to create an **hyperparameter training job**, **running an arbitrary container** on it with a **role attached** to it.\ -&#xNAN;_I haven't exploited because of the lack of time, but looks similar to the previous exploits, feel free to send a PR with the exploitation details._ +_I haven't exploited because of the lack of time, but looks similar to the previous exploits, feel free to send a PR with the exploitation details._ ## References diff --git a/src/pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-identity-pools.md b/src/pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-identity-pools.md index 927d026f08..a36cf7830a 100644 --- a/src/pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-identity-pools.md +++ b/src/pentesting-cloud/aws-security/aws-services/aws-cognito-enum/cognito-identity-pools.md @@ -168,21 +168,21 @@ For this you might need to have access to the **identity provider**. If that is Anyway, the **following example** expects that you have already logged in inside a **Cognito User Pool** used to access the Identity Pool (don't forget that other types of identity providers could also be configured). 
aws cognito-identity get-id \
-    --identity-pool-id <identity_pool_id> \
-    --logins cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>=<ID_TOKEN>
+    --identity-pool-id  \
+    --logins cognito-idp..amazonaws.com/=
 
 # Get the identity_id from the previous commnad response
 aws cognito-identity get-credentials-for-identity \
-    --identity-id <identity_id> \
-    --logins cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>=<ID_TOKEN>
+    --identity-id  \
+    --logins cognito-idp..amazonaws.com/=
 
 
 # In the IdToken you can find roles a user has access because of User Pool Groups
 # User the --custom-role-arn to get credentials to a specific role
 aws cognito-identity get-credentials-for-identity \
-    --identity-id <identity_id> \
-    --custom-role-arn <role_arn> \
-    --logins cognito-idp.<region>.amazonaws.com/<YOUR_USER_POOL_ID>=<ID_TOKEN>
+    --identity-id  \
+    --custom-role-arn  \
+    --logins cognito-idp..amazonaws.com/=
> [!WARNING] diff --git a/src/pentesting-cloud/aws-security/aws-services/eventbridgescheduler-enum.md b/src/pentesting-cloud/aws-security/aws-services/eventbridgescheduler-enum.md index a2f2e0c2f4..3bde2e2545 100644 --- a/src/pentesting-cloud/aws-security/aws-services/eventbridgescheduler-enum.md +++ b/src/pentesting-cloud/aws-security/aws-services/eventbridgescheduler-enum.md @@ -8,7 +8,7 @@ **Amazon EventBridge Scheduler** is a fully managed, **serverless scheduler designed to create, run, and manage tasks** at scale. It enables you to schedule millions of tasks across over 270 AWS services and 6,000+ API operations, all from a central service. With built-in reliability and no infrastructure to manage, EventBridge Scheduler simplifies scheduling, reduces maintenance costs, and scales automatically to meet demand. You can configure cron or rate expressions for recurring schedules, set one-time invocations, and define flexible delivery windows with retry options, ensuring tasks are reliably delivered based on the availability of downstream targets. -There is an initial limit of 1,000,000 schedules per region per account. Even the official quotas page suggests, "It's recommended to delete one-time schedules once they've completed." +There is an initial limit of 1,000,000 schedules per region per account. Even the official quotas page suggests, "It's recommended to delete one-time schedules once they've completed." ### Types of Schedules diff --git a/src/pentesting-cloud/azure-security/az-basic-information/README.md b/src/pentesting-cloud/azure-security/az-basic-information/README.md index e5317d6ae9..c2c398e2bd 100644 --- a/src/pentesting-cloud/azure-security/az-basic-information/README.md +++ b/src/pentesting-cloud/azure-security/az-basic-information/README.md @@ -32,7 +32,7 @@ All the **resources** must be **inside a resource group** and can belong only to a group and if a resource group is deleted, all the resources inside it are also deleted. -

https://i0.wp.com/azuredays.com/wp-content/uploads/2020/05/org.png?resize=748%2C601&ssl=1

+

https://i0.wp.com/azuredays.com/wp-content/uploads/2020/05/org.png?resize=748%2C601&ssl=1

### Azure Resource IDs @@ -148,7 +148,7 @@ An **App Registration** is a configuration that allows an application to integra 1. **Application ID (Client ID):** A unique identifier for your app in Azure AD. 2. **Redirect URIs:** URLs where Azure AD sends authentication responses. -3. **Certificates, Secrets & Federated Credentials:** It's possible to generate a secret or a certificate to login as the service principal of the application, or to grant federated access to it (e.g. Github Actions). +3. **Certificates, Secrets & Federated Credentials:** It's possible to generate a secret or a certificate to login as the service principal of the application, or to grant federated access to it (e.g. Github Actions). 1. If a **certificate** or **secret** is generated, it's possible to a person to **login as the service principal** with CLI tools by knowing the **application ID**, the **secret** or **certificate** and the **tenant** (domain or ID). 4. **API Permissions:** Specifies what resources or APIs the app can access. 5. **Authentication Settings:** Defines the app's supported authentication flows (e.g., OAuth2, OpenID Connect). @@ -176,7 +176,7 @@ An **App Registration** is a configuration that allows an application to integra - Users can request admin consent to apps they are unable to consent to - If **Yes**: It’s possible to indicate Users, Groups and Roles that can consent requests - - Configure also if users will receive email notifications and expiration reminders + - Configure also if users will receive email notifications and expiration reminders ### **Managed Identity (Metadata)** diff --git a/src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/README.md b/src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/README.md index fe236af291..d547e25363 100644 --- a/src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/README.md +++ b/src/pentesting-cloud/azure-security/az-lateral-movement-cloud-on-prem/README.md @@ -14,15 +14,15 @@ There are different ways a machine can be connected to the cloud: #### Workplace joined -

https://pbs.twimg.com/media/EQZv7UHXsAArdhn?format=jpg&name=large

+

https://pbs.twimg.com/media/EQZv7UHXsAArdhn?format=jpg&name=large

#### Hybrid joined -

https://pbs.twimg.com/media/EQZv77jXkAAC4LK?format=jpg&name=large

+

https://pbs.twimg.com/media/EQZv77jXkAAC4LK?format=jpg&name=large

#### Workplace joined on AADJ or Hybrid -

https://pbs.twimg.com/media/EQZv8qBX0AAMWuR?format=jpg&name=large

+

https://pbs.twimg.com/media/EQZv8qBX0AAMWuR?format=jpg&name=large

### Tokens and limitations diff --git a/src/pentesting-cloud/azure-security/az-post-exploitation/az-static-web-apps-post-exploitation.md b/src/pentesting-cloud/azure-security/az-post-exploitation/az-static-web-apps-post-exploitation.md new file mode 100644 index 0000000000..026c9f96b0 --- /dev/null +++ b/src/pentesting-cloud/azure-security/az-post-exploitation/az-static-web-apps-post-exploitation.md @@ -0,0 +1,71 @@ +# Az - Static Web Apps Post Exploitation + +{{#include ../../../banners/hacktricks-training.md}} + +## Azure Static Web Apps + +For more information about this service check: + +{{#ref}} +../az-services/az-static-web-apps.md +{{#endref}} + +### Microsoft.Web/staticSites/snippets/write + +It's possible to make a static web page load arbitary HTML code by creating a snippet. This could allow an attacker to inject JS code inside the web app and steal sensitive information such as credentials or mnemonic keys (in web3 wallets). + +The fllowing command create an snippet that will always be loaded by the web app:: + +```bash +az rest \ + --method PUT \ + --uri "https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Web/staticSites//snippets/?api-version=2022-03-01" \ + --headers "Content-Type=application/json" \ + --body '{ + "properties": { + "name": "supersnippet", + "location": "Body", + "applicableEnvironmentsMode": "AllEnvironments", + "content": "PHNjcmlwdD4KYWxlcnQoIkF6dXJlIFNuaXBwZXQiKQo8L3NjcmlwdD4K", + "environments": [], + "insertBottom": false + } + }' +``` + +### Overwrite file - Overwrite routes, HTML, JS... + +It's possible to **overwritte a fie inside the Github repo** containing the app through Azure having the **Github token** sending a request such as the following which will indicate the path of the file to overwrite, the content of the file and the commit message. + +This can be abused by attackers to basically **change the content of the web app** to serve malicious content (steal credentials, mnemonic keys...) or just to **re-route certain paths** to their own servers by oevrwritting the `staticwebapp.config.json` file. + +> [!WARNING] +> Note that if an attacker manages to compromise the Github repo in any way, they can also overwrite the file directly from Github. + +```bash +curl -X PUT "https://functions.azure.com/api/github/updateGitHubContent" \ +-H "Content-Type: application/json" \ +-d '{ + "commit": { + "message": "Update static web app route configuration", + "branchName": "main", + "committer": { + "name": "Azure App Service", + "email": "donotreply@microsoft.com" + }, + "contentBase64Encoded": "ewogICJuYXZpZ2F0aW9uRmFsbGJhY2siOiB7CiAgICAicmV3cml0ZSI6ICIvaW5kZXguaHRtbCIKICB9LAogICJyb3V0ZXMiOiBbCiAgICB7CiAgICAgICJyb3V0ZSI6ICIvcHJvZmlsZSIsCiAgICAgICJtZXRob2RzIjogWwogICAgICAgICJnZXQiLAogICAgICAgICJoZWFkIiwKICAgICAgICAicG9zdCIKICAgICAgXSwKICAgICAgInJld3JpdGUiOiAiL3AxIiwKICAgICAgInJlZGlyZWN0IjogIi9sYWxhbGEyIiwKICAgICAgInN0YXR1c0NvZGUiOiAzMDEsCiAgICAgICJhbGxvd2VkUm9sZXMiOiBbCiAgICAgICAgImFub255bW91cyIKICAgICAgXQogICAgfQogIF0KfQ==", + "filePath": "staticwebapp.config.json", + "message": "Update static web app route configuration", + "repoName": "carlospolop/my-first-static-web-app", + "sha": "4b6165d0ad993a5c705e8e9bb23b778dff2f9ca4" + }, + "gitHubToken": "gho_1OSsm834ai863yKkdwHGj31927PCFk44BAXL" +}' +``` + + + +{{#include ../../../banners/hacktricks-training.md}} + + + diff --git a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md index b59b6de991..749b15b936 100644 --- a/src/pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md +++ b/src/pentesting-cloud/azure-security/az-privilege-escalation/az-functions-app-privesc.md @@ -20,7 +20,7 @@ Once you find where the code of the function is located if you have write permis The code of the function is usually stored inside a file share. With enough access it's possible to modify the code file and **make the function load arbitrary code** allowing to escalate privileges to the managed identities attached to the Function. -This deployment method usually configures the settings **`WEBSITE_CONTENTAZUREFILECONNECTIONSTRING`** and **`WEBSITE_CONTENTSHARE`** which you can get from +This deployment method usually configures the settings **`WEBSITE_CONTENTAZUREFILECONNECTIONSTRING`** and **`WEBSITE_CONTENTSHARE`** which you can get from ```bash az functionapp config appsettings list \ @@ -211,7 +211,7 @@ az rest --method POST \ ### Microsoft.Web/sites/config/list/action, Microsoft.Web/sites/config/write -These permissions allows to list the config values of a function as we have seen before plus **modify these values**. This is useful because these settings indicate where the code to execute inside the function is located. +These permissions allows to list the config values of a function as we have seen before plus **modify these values**. This is useful because these settings indicate where the code to execute inside the function is located. It's therefore possible to set the value of the setting **`WEBSITE_RUN_FROM_PACKAGE`** pointing to an URL zip file containing the new code to execute inside a web application: diff --git a/src/pentesting-cloud/azure-security/az-services/az-azuread.md b/src/pentesting-cloud/azure-security/az-services/az-azuread.md index a8d1304d7c..57a78cae66 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-azuread.md +++ b/src/pentesting-cloud/azure-security/az-services/az-azuread.md @@ -991,7 +991,7 @@ When PIM is enabled it's possible to configure each role with certain requiremen - Require justification on activation - Require ticket information on activation - Require approval to activate -- Max time to expire the elegible assignments +- Max time to expire the elegible assignments - A lot more configuration on when and who to send notifications when certain actions happen with that role ### Conditional Access Policies diff --git a/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md b/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md new file mode 100644 index 0000000000..c31e441aba --- /dev/null +++ b/src/pentesting-cloud/azure-security/az-services/az-static-web-apps.md @@ -0,0 +1,59 @@ + +# Az - Static Web Apps + +{{#include ../../../banners/hacktricks-training.md}} + +## Static Web Apps Basic Information + + +- **Routes**: It's possible to change the routes of a static webapp by modifying the `staticwebapp.config.json` file. This file is located in the root of the repository and **contains the routes that the app will use**. + +## Enumeration + +```bash +# List Static Webapps +az staticwebapp list --output table + +# Get Static Webapp details +az staticwebapp show --name --resource-group --output table + +# Get appsettings +az staticwebapp appsettings list --name + +# Get env information +az staticwebapp environment list --name +az staticwebapp environment functions --name + +# Get API key +az staticwebapp secrets list --name + +# Get invited users +az staticwebapp users list --name + +# Get database connections +az rest --method GET \ + --url "https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Web/staticSites//databaseConnections?api-version=2021-03-01" + +## Once you have the database connection name ("default" by default) you can get the connection string with the credentials +az rest --method POST \ + --url "https://management.azure.com/subscriptions//resourceGroups//providers/Microsoft.Web/staticSites//databaseConnections/default/show?api-version=2021-03-01" +``` + +## Examples to generate Web Apps + + +## Post Exploitation + +{{#ref}} +../az-privilege-escalation/az-static-web-apps-post-exploitation.md +{{#endref}} + +## References + +- [https://learn.microsoft.com/en-in/azure/app-service/overview](https://learn.microsoft.com/en-in/azure/app-service/overview) +- [https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans](https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans) + +{{#include ../../../banners/hacktricks-training.md}} + + + diff --git a/src/pentesting-cloud/azure-security/az-services/az-storage.md b/src/pentesting-cloud/azure-security/az-services/az-storage.md index 8e016aa77b..71227674f0 100644 --- a/src/pentesting-cloud/azure-security/az-services/az-storage.md +++ b/src/pentesting-cloud/azure-security/az-services/az-storage.md @@ -53,7 +53,7 @@ Azure Storage Accounts are fundamental services in Microsoft Azure that provide ### Storage endpoints -
Storage ServiceEndpoint
Blob storagehttps://<storage-account>.blob.core.windows.net

https://<stg-acc>.blob.core.windows.net/<container-name>?restype=container&comp=list
Data Lake Storagehttps://<storage-account>.dfs.core.windows.net
Azure Fileshttps://<storage-account>.file.core.windows.net
Queue storagehttps://<storage-account>.queue.core.windows.net
Table storagehttps://<storage-account>.table.core.windows.net
+
Storage ServiceEndpoint
Blob storagehttps://.blob.core.windows.net

https://.blob.core.windows.net/?restype=container&comp=list
Data Lake Storagehttps://.dfs.core.windows.net
Azure Fileshttps://.file.core.windows.net
Queue storagehttps://.queue.core.windows.net
Table storagehttps://.table.core.windows.net
### Public Exposure diff --git a/src/pentesting-cloud/kubernetes-security/kubernetes-kyverno/README.md b/src/pentesting-cloud/kubernetes-security/kubernetes-kyverno/README.md index 5195017edb..500e10f43a 100644 --- a/src/pentesting-cloud/kubernetes-security/kubernetes-kyverno/README.md +++ b/src/pentesting-cloud/kubernetes-security/kubernetes-kyverno/README.md @@ -2,7 +2,7 @@ **The original author of this page is** [**Guillaume**](https://www.linkedin.com/in/guillaume-chapela-ab4b9a196) -## Definition +## Definition Kyverno is an open-source, policy management framework for Kubernetes that enables organizations to define, enforce, and audit policies across their entire Kubernetes infrastructure. It provides a scalable, extensible, and highly customizable solution for managing the security, compliance, and governance of Kubernetes clusters. diff --git a/src/pentesting-cloud/kubernetes-security/kubernetes-kyverno/kubernetes-kyverno-bypass.md b/src/pentesting-cloud/kubernetes-security/kubernetes-kyverno/kubernetes-kyverno-bypass.md index 5058fe17ce..ac912573c2 100644 --- a/src/pentesting-cloud/kubernetes-security/kubernetes-kyverno/kubernetes-kyverno-bypass.md +++ b/src/pentesting-cloud/kubernetes-security/kubernetes-kyverno/kubernetes-kyverno-bypass.md @@ -25,15 +25,15 @@ For each ClusterPolicy and Policy, you can specify a list of excluded entities, These excluded entities will be exempt from the policy requirements, and Kyverno will not enforce the policy for them. -## Example +## Example -Let's dig into one clusterpolicy example : +Let's dig into one clusterpolicy example : ``` $ kubectl get clusterpolicies MYPOLICY -o yaml ``` -Look for the excluded entities : +Look for the excluded entities : ```yaml exclude: @@ -53,7 +53,7 @@ Within a cluster, numerous added components, operators, and applications may nec ## Abusing ValidatingWebhookConfiguration -Another way to bypass policies is to focus on the ValidatingWebhookConfiguration resource : +Another way to bypass policies is to focus on the ValidatingWebhookConfiguration resource : {{#ref}} ../kubernetes-validatingwebhookconfiguration.md diff --git a/src/pentesting-cloud/kubernetes-security/kubernetes-opa-gatekeeper/kubernetes-opa-gatekeeper-bypass.md b/src/pentesting-cloud/kubernetes-security/kubernetes-opa-gatekeeper/kubernetes-opa-gatekeeper-bypass.md index be963facb7..bd65c3f845 100644 --- a/src/pentesting-cloud/kubernetes-security/kubernetes-opa-gatekeeper/kubernetes-opa-gatekeeper-bypass.md +++ b/src/pentesting-cloud/kubernetes-security/kubernetes-opa-gatekeeper/kubernetes-opa-gatekeeper-bypass.md @@ -51,7 +51,7 @@ With a comprehensive overview of the Gatekeeper configuration, it's possible to ## Abusing ValidatingWebhookConfiguration -Another way to bypass constraints is to focus on the ValidatingWebhookConfiguration resource : +Another way to bypass constraints is to focus on the ValidatingWebhookConfiguration resource : {{#ref}} ../kubernetes-validatingwebhookconfiguration.md diff --git a/src/pentesting-cloud/kubernetes-security/kubernetes-validatingwebhookconfiguration.md b/src/pentesting-cloud/kubernetes-security/kubernetes-validatingwebhookconfiguration.md index 99a4fc6ae0..00b49b2fa2 100644 --- a/src/pentesting-cloud/kubernetes-security/kubernetes-validatingwebhookconfiguration.md +++ b/src/pentesting-cloud/kubernetes-security/kubernetes-validatingwebhookconfiguration.md @@ -37,7 +37,7 @@ webhook: - pods ``` -The main difference between a ValidatingWebhookConfiguration and policies : +The main difference between a ValidatingWebhookConfiguration and policies :

Kyverno.png

diff --git a/src/pentesting-cloud/openshift-pentesting/openshift-privilege-escalation/openshift-tekton.md b/src/pentesting-cloud/openshift-pentesting/openshift-privilege-escalation/openshift-tekton.md index 8926bc2ba1..6fb72c8e7a 100644 --- a/src/pentesting-cloud/openshift-pentesting/openshift-privilege-escalation/openshift-tekton.md +++ b/src/pentesting-cloud/openshift-pentesting/openshift-privilege-escalation/openshift-tekton.md @@ -4,7 +4,7 @@ ### What is tekton -According to the doc: _Tekton is a powerful and flexible open-source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems._ Both Jenkins and Tekton can be used to test, build and deploy applications, however Tekton is Cloud Native. +According to the doc: _Tekton is a powerful and flexible open-source framework for creating CI/CD systems, allowing developers to build, test, and deploy across cloud providers and on-premise systems._ Both Jenkins and Tekton can be used to test, build and deploy applications, however Tekton is Cloud Native. With Tekton everything is represented by YAML files. Developers can create Custom Resources (CR) of type `Pipelines` and specify multiple `Tasks` in them that they want to run. To run a Pipeline resources of type `PipelineRun` must be created. @@ -57,7 +57,7 @@ Tekton documents about how to restrict the override of scc by adding a label in https://tekton.dev/docs/operator/sccconfig/ {{#endref}} -This label is called `max-allowed` +This label is called `max-allowed` ```yaml apiVersion: operator.tekton.dev/v1alpha1 diff --git a/src/pentesting-cloud/workspace-security/gws-workspace-sync-attacks-gcpw-gcds-gps-directory-sync-with-ad-and-entraid/gcpw-google-credential-provider-for-windows.md b/src/pentesting-cloud/workspace-security/gws-workspace-sync-attacks-gcpw-gcds-gps-directory-sync-with-ad-and-entraid/gcpw-google-credential-provider-for-windows.md index d7ec34ebe3..3f1281bae0 100644 --- a/src/pentesting-cloud/workspace-security/gws-workspace-sync-attacks-gcpw-gcds-gps-directory-sync-with-ad-and-entraid/gcpw-google-credential-provider-for-windows.md +++ b/src/pentesting-cloud/workspace-security/gws-workspace-sync-attacks-gcpw-gcds-gps-directory-sync-with-ad-and-entraid/gcpw-google-credential-provider-for-windows.md @@ -617,7 +617,7 @@ Some examples using some of those scopes:
-https://www.googleapis.com/auth/userinfo.email & https://www.googleapis.com/auth/userinfo.profile +https://www.googleapis.com/auth/userinfo.email & https://www.googleapis.com/auth/userinfo.profile ```bash curl -X GET \