Medicare at 50 Would Double Down on Failure
A new proposal would expand Medicare to include Americans as young as 50. It's a throw-money-at-it solution to problems largely caused by government intervention in health care, according to Cato’s…
Exposing Media, Political, and AI Bias - Fair-Use Open-Source Intelligence
Today on The Survival Podcast I take your phone calls on beef, reloading, soils, fish, guns, ducks, winter weather, land and more. Remember to be on a show like this…
If you find yourself on a Jenkins box with script console access you can decrypt the saved passwords in credentials.xml in the following way: hashed_pw='$PASSWORDHASH' passwd = hudson.util.Secret.decrypt(hashed_pw) println(passwd) You…
Forced API token change SECURITY-180/CVE-2015-1814 https://jenkins.io/security/advisory/2015-03-23/#security-180cve-2015-1814-forced-api-token-change Affected Versions All Jenkins releases <= 1.605 All LTS releases <= 1.596.1 P...
API tokens of other users available to admins SECURITY-200 / CVE-2015-5323 API tokens of other users were exposed to admins by default. On instances that don’t implicitly grant RunScripts permission…
A collection of posts on attacking Jenkins http://www.labofapenetrationtester.com/2014/08/script-execution-and-privilege-esc-jenkins.html Manipulating build steps to get RCE https://medium.com/@uranium238/shodan-jenkins-to-get-rces-on-servers-6b6ec7c960e2 Using the terminal plugin to get RCE https://sharadchhetri.com/2018/12/02/managing-jenkins-plugins/ Getting started with Jenkins Plugins https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html Vulns…
Blair is a wellness oriented RN. Beyond her experience as a registered nurse, she has worked as a health and physical educator, an exercise physiologist, personal trainer, and nutrition consultant.…
After the release of Orange Tsai's exploit for Jenkins, I've been doing some poking. PreAuth RCE against Jenkins is something everyone wants. While not totally related to the blog post…
We have discussed the concept of becoming a modern renaissance man aka a polymath a few times on feedback shows, but never as a stand alone subject. I took a…
Jenkins notes for: https://blog.orange.tw/2019/01/hacking-jenkins-part-1-play-with-dynamic-routing.html http://blog.orange.tw/2019/02/abusing-meta-programming-for-unauthenticated-rce.html to download old jenkins WAR files http://updates.jenkins-ci.org/download/war/ 1st bug in the blog is a username enumeration bug in Jenkins weekly up to and including 2.145…
Guys and Gals the Expert Council is truly a blessing and we just got three new amazing members. Right now though I need questions for the entire council. To see…
Will the diplomatic push between the U.S. and North Korea produce more substantive agreement? Will South Korea get on board with the long-held goal of U.S. troops departing the peninsula?…
Today on The Survival Podcast I take your questions on gardening, generators, yard tools, cryptocurrency, real estate, guns, mead, cars, government stupidity and more. Make sure if you submit content…
Steven Harris alerted me to this and I have to say this little generator is both Spirko and Harris approved. The price is stupid low and this little generator has…
I have asked Jessica Mills to join the council of TSP Experts and she has graciously accepted. Jessica has completed the US Triple Crown of Hiking. Translation the gal has…
What are all these university administrators doing, exactly? Cato senior fellow Todd Zywicki doesn't know, either. Hosted on Acast. See acast.com/privacy for more information.