That 'Project Hail Mary' trailer really does come out swinging with spoilers for the book's plot twists in the first 10 seconds, huh?

I was about to celebrate and say that everyone has behaved when booking tickets, but then found the one who hadn't paid attention to the rules. Those tickets have been cancelled and so that puts back on sale a Playing with Pipelines ticket if anyone was after one.

That CI workshop thingy looks particularly fun.

Digging into how the latest Windows Kubernetes vuln works was a fun way to spend a couple of hours. We've just published some of my notes here:

The Kubernetes Security Response Committee has published an advisory for CVE-2024-9042, affecting Windows worker nodes querying the /logs endpoint. Iain Smart, Principal Security Consultant at AmberWolf, reproduced the issue & shared detection insights in our latest blog.

Today, we're releasing NachoVPN, our VPN client exploitation tool, as presented at SANS #HackfestHollywood 2024 🌮🔒 Find the details on the @AmberWolfSec blog, along with the individual advisories, including a not-yet-fully fixed PaloAlto GlobalProtect client RCE👀

🗓️SAVE THE DATE!🗓️ The 13th edition of Securi-Tay will be happening on the 28th of February 2025

No incident at the topological factory.

I'll be running one of @controlplaneio's CTF scenarios at Cloud Native and Kubernetes Edinburgh this Wednesday (18th) at 18:00. Bring a laptop, hack some chatbots, get some flags! Also probably pizza.

If I'm reading the email right, Docker Pro just went from $5/mo to $9/mo and now gets you less than it used to. Admittedly I probably have ~200 image pulls per YEAR so nowhere near the limits, but a doubling of price will probably have me moving from Docker Hub and Desktop soon.

Guess it's just one of those afternoons.

The National Gallery in London is renovating its Sainsbury Wing and they’ve just found a secret letter from one of the original donors, sunk into a concrete column, saying that he hates the columns and is glad they’re being demolished. 10/10 unhinged rich man behaviour, no notes

Carrying on Datadog's #Kubernetes #security video series, by starting to take a look at how Kubernetes handles authentication. In this video we're looking at some of the possible pitfalls with client certificate authentication. https://t.co/fHavuECEEt

A customer reached out asking for video tutorials. We obviously have a Lindy handling this, and I was delighted to see that she sent a video. But then I remembered we don't have a video tutorial and realized Lindy is literally fucking rickrolling our customers.

Another excellent set of challenges from @CtfSecurity. Just got to work out their magical mystery bonus flag now.

Dependency is replaced by one-liner, weekly traffic is reduced by 440GB

Kicking off tonight’s Cloud Native Edinburgh with the first talk courtesy of Kate Gawron from @doitint

Happy @Steel_Con day to everyone who celebrates! Gutted to be missing it this year, I’ll wave on the way past.

Grok's automated news feature is batting 1000 today