A tool for getting reverse shells in EC2 instances where network communication to your host is restricted. In my last article, AWS ssm:SendCommand or network
A Complete Kubernetes Config Review Methodology
The are many resources out there that tap into the subject of Kubernetes Pentesting or Configuration Review, however, they usually detail specific topics and misconfigurations
Our DefCamp 2022 talks are here!
Both presentations we held this year at DefCamp are now available online (recordings and slides). DefCamp is one of the largest and most important cybersecurity
AWS ssm:SendCommand or network agnostic built-in RCE as root
Post-exploitation in cloud can be fun and easy if you have the right permissions. There is no other permission that I would rather have than
AWS Enumeration – Part II (Practical enumeration)
We hackers love cheat sheets so here are mine for AWS IAM, EC2, S3 Buckets and Lambda Functions. In Part I we showed what approaches
AWS Enumeration – Part I (Where to start, Approaches and Tools)
This article is covering multiple ways to enumerate the resources within an AWS environment. We’ll explain how to perform enumeration, what you should look for,
Security Café 