AWS Cross-Service Attacks
Understanding and Preventing Cross-Service Confused Deputy Vulnerabilities in AWS
Showing only posts tagged aws. Show all posts.
Pillaging Data from Private AWS Subnets
Exploiting overly permissive VPC endpoints to exfiltrate data from private AWS subnets
Pwnboxes
Simple method to define and build security testing containers in Podman
Pentesting AWS Enviroments
Attacking AWS Accounts from a black box perspective
New AWS Tag Checks
Using Snotra to Check For Sensitive Tags
AWS and GitHub OIDC Cross Account Roles
AWS and overly permissive GitHub OIDC cross-account role trust policies
Understanding Cloud Configuration Reviews
Blog post about Cloud Configuration Reviews
Snotra Lambda
Continuous AWS Testing with Snotra, Lambda, Cloud Watch EventBridge and S3.