Datadog Security Labs Research and Proof of Concept Code

This repository contains information, exploits, malware samples, and scripts from Datadog Security Labs.

Goal

This repository aims at providing proof of concept exploits, malware samples and technical demos to help the community respond to threats. Code from this repository might be used to:

• Improve Detections
• Continue additional research on Tactics, Techniques and Procedures (TTPs)
• Discover additional exploits

Proofs of Concept

• Dirty Pipe Container Breakout
• Exploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449)
• Spring Core RCE aka Spring4shell (CVE-2022-22965)
• Confluence CVE-2022-26134 OGNL Vulnerability
• OpenSSL punycode Vulnerability (CVE-2022-3602)
• OverlayFS privilege escalation vulnerability CVE-2023-0386

Stay Tuned!

We'll create a new GitHub release for every new proof of concept in this repository. To make sure you don't miss it, watch new releases!