Very fun read. I love following the train of thought and seeing where they "failed".
Also, this Elasticsearch RCE was patched a while ago and we still see a lot of servers hacked because of it. In fact, there is a DDoS botnet made of only ES servers that we have been tracking.
<unrelated>If you are using Elasticsearch, please patch it!</unrelated>