AWS Cross-Service Attacks
Understanding and Preventing Cross-Service Confused Deputy Vulnerabilities in AWS
Showing only posts in cloud. Show all posts.
Securing Service Principals
How Entra ID App Registrations / Enterprise Applications are commonly misconfigured and can be used by attackers to elevate privileges, access sensitive information and move laterally across Azure tenancies.
Pillaging Data from Private AWS Subnets
Exploiting overly permissive VPC endpoints to exfiltrate data from private AWS subnets
Pentesting AWS Enviroments
Attacking AWS Accounts from a black box perspective
New AWS Tag Checks
Using Snotra to Check For Sensitive Tags
Azure Monitor - Activity Logging, Resource Logging and Alerts
Making Sense of Logging in Azure with Azure Monitor, Diagnostic Settings and Activity Log Alerts
AWS and GitHub OIDC Cross Account Roles
AWS and overly permissive GitHub OIDC cross-account role trust policies
Understanding Cloud Configuration Reviews
Blog post about Cloud Configuration Reviews
From Domain User to Domain Admin (DA), From DA to Global Admin (GA)
How to own an internal domain and pivot into the cloud
Snotra Lambda
Continuous AWS Testing with Snotra, Lambda, Cloud Watch EventBridge and S3.