- Web crawling vs. Port/IP crawling https://blog.criminalip.io/2022/09/22/google-hacking-intitle-vs-cip-title/ 2 comments askprogramming
- Jenkins server exploit can lead to root information leakage https://blog.criminalip.io/2022/07/12/open-source-server/ 3 comments opensource
- Security researchers have noticed an increase in the number of Redis databases publicly exposed to the Internet. Hackers often hunt for them using search engines indexing systems reachable from the open web to steal the content or for financial extortion. https://blog.criminalip.io/2022/09/06/redis-database-leaks/ 6 comments opensource
- Security researchers have noticed a huge number of Redis databases publicly exposed to the Internet. Exposing databases on the public face of the internet is in many cases due to misconfiguration. https://blog.criminalip.io/2022/09/06/redis-database-leaks/ 5 comments privacy
- Security Researchers found exposed open source automation CI / CD tools without any authentication process. Not even 10% of people using CI / CD tools may understand how authentication works between components. https://blog.criminalip.io/2022/07/12/open-source-server/ 5 comments programming
- Tracking the hidden IP address of a deepfake pornography website owner who victimized over 190 K-pop idols. Real server IP addresses hidden behind Cloudflare. https://blog.criminalip.io/2022/08/04/deepfake-porn-site/ 4 comments privacy
- Analysis report on DDoS attack that went on for 20 hours https://blog.criminalip.io/2022/07/27/ddos-attack-case/ 2 comments netsec
- Django web applications with Debug Mode enabled: DB account information and API keys of more than 3,100 applications were exposed on the internet. https://blog.criminalip.io/2022/07/20/api-key-leak/ 5 comments netsec
- Django web applications with Debug Mode enabled: DB account information and API keys of more than 3,100 applications were exposed on the internet. When searching for authentication-related keywords, it was easy to find IPs with exposed credentials, many of which are for either OAuth or RESTful APIs. https://blog.criminalip.io/2022/07/20/api-key-leak/ 57 comments programming
- Should beware of exposed, vulnerable open source automation CI & CD servers like Jenkins or RunDeck https://blog.criminalip.io/2022/07/12/open-source-server/ 2 comments devops