Securing Service Principals
How Entra ID App Registrations / Enterprise Applications are commonly misconfigured and can be used by attackers to elevate privileges, access sensitive information and move laterally across Azure tenancies.
Showing only posts tagged pentesting. Show all posts.
AxeOS CSRF Vulnerability
Using CSRF Attack to update the Payout Address on BitAxe Bitcoin Miners
Pillaging Data from Private AWS Subnets
Exploiting overly permissive VPC endpoints to exfiltrate data from private AWS subnets
Penetration Testing Training Labs
Labs to learn penetration testing and offensive security
Penetration Test Reports and Vulnerability Aggregation
Penetration test reports, aggregating findings and thinking more deeply.
AWS and GitHub OIDC Cross Account Roles
AWS and overly permissive GitHub OIDC cross-account role trust policies
From Domain User to Domain Admin (DA), From DA to Global Admin (GA)
How to own an internal domain and pivot into the cloud