After the initial investigation entitled “AWS CloudQuarry: Digging for secrets in Public AMIs” was finalized, we continued with the same idea on Azure in order
Category: Cloud Security
AWS vs Azure: A “Secure by default” comparison
Whether you are in charge of deciding what Cloud solution to choose for your organization or you are a Security Professional trying to decide what
AWS CloudQuarry: Digging for Secrets in Public AMIs
Money, secrets and mass exploitation: This research unveils a quarry of sensitive data stored in public AMIs. Digging through each AMI we managed to collect
IAMActionHunter in action
Let’s take a look at the latest cloud tool published by Rhino Security Labs: IAMActionHunter. Here I will detail the practical approach I took during
7 lesser-known AWS SSM Document techniques for code execution
A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances. In
EC2StepShell: A Tool for Getting Reverse Shells on Instances with Network Restrictions
A tool for getting reverse shells in EC2 instances where network communication to your host is restricted. In my last article, AWS ssm:SendCommand or network
Security Café 