<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Cloud Security on Prepakis Georgios | Kernelstub | Security Researcher</title><link>https://blog.kernelstub.dev/tags/cloud-security/</link><description>Recent content in Cloud Security on Prepakis Georgios | Kernelstub | Security Researcher</description><generator>Hugo</generator><language>en-US</language><lastBuildDate>Mon, 16 Feb 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://blog.kernelstub.dev/tags/cloud-security/index.xml" rel="self" type="application/rss+xml"/><item><title>A Full Infrastructure Takeover on GSIS.GR</title><link>https://blog.kernelstub.dev/posts/a-full-infrastructure-takeover-on-gsis.gr/</link><pubDate>Mon, 16 Feb 2026 00:00:00 +0000</pubDate><guid>https://blog.kernelstub.dev/posts/a-full-infrastructure-takeover-on-gsis.gr/</guid><description>&lt;p&gt;&lt;strong&gt;Table of Contents&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href="#phase-1-massive-reconnaissance-with-skuntscan"&gt;Phase 1: Massive Reconnaissance with SkuntScan&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-2-the-exposed-configuration-that-broke-everything"&gt;Phase 2: The Exposed Configuration That Broke Everything&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-3-ftp-and-the-forgotten-server"&gt;Phase 3: FTP and the Forgotten Server&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-4-oracle-webcenter-leaks-and-ldap-access"&gt;Phase 4: Oracle webCenter Leaks and LDAP Access&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-5-hardcoded-jwt-private-key"&gt;Phase 5: Hardcoded JWT Private Key&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-6-server-status-as-a-network-mapping-tool"&gt;Phase 6: Server-Statme as a Network Mapping Tool&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-7-iis-short-names-and-aspnet-backend"&gt;Phase 7: IIS Short Names and ASP.NET Backend&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-8-domibus-424--finding-the-zero-day"&gt;Phase 8: Domibme 4.2.4 – Finding the Zero-Day&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-9-from-xxe-to-ssh-on-borisgsisgr"&gt;Phase 9: From XXE to SSH on boris.gsis.gr&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-10-axis2-admin-service--deploying-a-backdoor"&gt;Phase 10: Axis2 Admin Service – Deploying a Backdoor&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-11-privilege-escalation-to-root"&gt;Phase 11: Privilege Escalation to Root&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-12-internal-network-pivot--the-1019318024-discovery"&gt;Phase 12: Internal Network Pivot – The 10.193.18.0/24 Discovery&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-13-staging-authentix-auth-and-the-database-goldmine"&gt;Phase 13: STAGING-AUTHENTIX-AUTH and the Database Goldmine&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-14-switches-firewalls-and-control-surfaces"&gt;Phase 14: Switches, Firewalls, and Control Surfaces&lt;/a&gt;&lt;/li&gt;
&lt;li&gt;&lt;a href="#phase-15-15-million-citizens--what-i-found"&gt;Phase 15: 15 Million Citizens – What I Found&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id="phase-1-massive-reconnaissance-with-skuntscan"&gt;Phase 1: Massive Reconnaissance with SkuntScan&lt;/h2&gt;
&lt;p&gt;Every engagement starts with comprehensive reconnaissance. SkuntScan, our in‑house tool, combines passive enumeration with intelligent fingerprinting. It scrapes certificate transparency logs, DNS records, web archives, and then correlates everything with IP space to build a complete map of the target.&lt;/p&gt;</description></item><item><title>Comparing tfsec and Checkov for Hardening Infrastracture</title><link>https://blog.kernelstub.dev/posts/comparing-tfsec-and-checkov-for-hardening-infrastracture/</link><pubDate>Wed, 12 Nov 2025 00:00:00 +0000</pubDate><guid>https://blog.kernelstub.dev/posts/comparing-tfsec-and-checkov-for-hardening-infrastracture/</guid><description>&lt;h2 id="why-iac-hardening-matters"&gt;Why IaC Hardening Matters&lt;/h2&gt;
&lt;p&gt;Here&amp;rsquo;s the thing about infrastructure as code that makes it both wonderful and terrifying: once you write a mistake into a Terraform module, that mistake doesn&amp;rsquo;t stay put. It gets copied. A junior engineer finds your &lt;code&gt;s3-bucket&lt;/code&gt; module in the internal registry, sees it&amp;rsquo;s already &amp;ldquo;battle tested,&amp;rdquo; and reuses it in three more projects without reading past the variable names. If that module happened to leave logging disabled or granted a role &lt;code&gt;&amp;quot;*&amp;quot;&lt;/code&gt; on &lt;code&gt;&amp;quot;*&amp;quot;&lt;/code&gt;, you haven&amp;rsquo;t made one mistake, you&amp;rsquo;ve made a template for making that mistake forever.&lt;/p&gt;</description></item></channel></rss>