A blog about cyber security

  • Cisco CVE-2024-20295 – “Fox in a box” CLI Command Injection Disclosure

    Cisco Integrated Management Controller CLI Command Injection Vulnerability – Disclosure

  • Cisco CVE Published

    Today Cisco PSIRT reached out to tell me that my vulnerability for the Cisco IMC has been published and is now available here: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-cmd-inj-mUx4c5AJ I plan to post a full disclosure soon.

  • Rooting a Cisco IMC for peace and power!

    A brief introduction. TL;DR: In a home lab project, a Cisco UCS server was acquired to replace an older Dell server. However, the Cisco server’s fans were excessively loud and power-intensive. By gaining root access to the server’s Cisco Integrated Management Controller (IMC), which is similar to HP’s iLO or Dell’s iDRAC, it was possible…

  • SEC401 Training and GSEC Exam

    So I have been very busy over the last month or so and have completed the GIAC SEC401 training course and associated GIAC GSEC exam. I’m really pleased to say I passed with a 93% score, which means I should be invited into the GIAC advisory board! The exam was fairly difficult with some particularly…

  • GFACT – Done!

    It's done!

  • Entering the world of Cyber Security

    This blog will cover my trials and tribulations of taking my existing IT career from infrastructure and cloud to the fascinating world of cyber security. Selected from over 4,600 applicants as 1 of 300 participants in the UK Government funded Upskill in Cyber programme, this blog will attempt to document my progress, experiences and failures.