Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

LLMNR (Link-Local Multicast Name Resolution) is a protocol used by legacy operating systems for name resolution without a DNS server, compatible with both IPv4 and IPv6. It is included in Windows Vista, Windows Server 2008, Windows 7, 8, and 10, and some Linux distributions. Introduced by Microsoft to enhance network resource resolution, LLMNR allows devices to multicast name queries on a local network if the DNS server fails to resolve a name.

Open source software (OSS) is software for which the original authors have granted express copyright and usage permissions to allow all users to access, view, and modify the source code of these programs however they see fit and without the need to pay royalties. This is in contrast to proprietary, closed source software, which typically requires a paid license and cannot be added to, modified, or distributed by anyone except the owner of the rights to the software.

In this post, we explore a powerful, yet widely unknown attack vector which has emerged in the last couple of years known as ‘Repo Jacking’. During our research, we discovered the enormous potential to compromise software components with tens of millions of downloads across the Terraform IaC (Infrastructure as Code) and Composer (PHP package registry) ecosystems. Despite its power, Repo Jacking remains under-researched and frequently misunderstood.

Kubernetes stands at the forefront of the container orchestration revolution by becoming most people’s go-to container orchestration platform. While looking at all the features that Kubernetes brings into the picture, you may notice that the platform does not manage its own users.