Blog

Thousands of Unsecured Kubernetes Clusters Exposed on the Internet — Wave 9
Wave 9 of Project Resonance was conducted to determine the security posture of the exposed Kubernetes clusters around the internet.…

The Current State of Security, Privacy and Attack Surface on Android: Scanning Apps for Secrets and More – Wave 8
Our research shows that secret leakage is still an issue developers must be addressed with secure development practices. We recommend…

Millions of Secrets Exposed via Web Application Frontends – Wave 7
Web applications are the cornerstone of anything on the publicly accessible internet. Due to the complexities of the software development…

Octopii – An open-source, PII (Personally Identifiable Information) Scanner for Images
Say Hi to Octopii, an AI-powered Personal Identifiable Information scanner that uses Tesseract's Optical Character Recognition (OCR) and a MobileNet…

Things You Should Know About the Spring4Shell Vulnerability (CVE-2022-22965)
The Spring4Shell (CVE-2022-22963) is a RCE vulnerability in the Spring framework affecting JDK versions >= 9. We analyse the vulnerability…

Making Sense of the Dirty Pipe Vulnerability (CVE-2022-0847)
CVE-2022-0847 dubbed the "Dirty Pipe", is a privilege escalation vulnerability in the Linux Kernel. We demonstrate the vulnerability and analyze…

Untracked Assets and their Risks – Discussion with Cybernews
Nowadays, securing and managing a company’s digital footprint has become an even more difficult challenge. With so many subdomains, code…

Internet-Wide Study: State of SPF, DKIM, and DMARC (Wave 6)
At RedHunt Labs, (under Project Resonance), we frequently conduct internet-wide research in different shapes and formats to understand the state…