Skip to content

Security Café

Security Research and Services

  • Things we do on a daily basis
    • Web Application Penetration Testing
    • Mobile Application Penetration Testing
    • Infrastructure Penetration Testing
    • Vulnerability Assessment
  • Contact
  • About

Category: aws

EC2StepShell: A Tool for Getting Reverse Shells on Instances with Network Restrictions

March 8, 2023 Eduard Agavriloae

A tool for getting reverse shells in EC2 instances where network communication to your host is restricted. In my last article, AWS ssm:SendCommand or network

Continue reading

Our DefCamp 2022 talks are here!

February 1, 2023 Eduard Agavriloae

Both presentations we held this year at DefCamp are now available online (recordings and slides). DefCamp is one of the largest and most important cybersecurity

Continue reading

AWS ssm:SendCommand or network agnostic built-in RCE as root

January 17, 2023 Eduard Agavriloae

Post-exploitation in cloud can be fun and easy if you have the right permissions. There is no other permission that I would rather have than

Continue reading

AWS Enumeration – Part II (Practical enumeration)

December 14, 2022 Eduard Agavriloae

We hackers love cheat sheets so here are mine for AWS IAM, EC2, S3 Buckets and Lambda Functions. In Part I we showed what approaches

Continue reading

AWS Enumeration – Part I (Where to start, Approaches and Tools)

November 1, 2022 Eduard Agavriloae

This article is covering multiple ways to enumerate the resources within an AWS environment. We’ll explain how to perform enumeration, what you should look for,

Continue reading

Top Posts

  • Root detection and SSL pinning bypass
  • A Complete Kubernetes Config Review Methodology
  • Mobile Pentesting 101 - Bypassing Biometric Authentication
  • IoT Pentesting 101: How to Hack MQTT - The Standard for IoT Messaging
  • Practical Network Penetration Tester (PNPT): Real-life Penetration Testing exam - Tips & Tricks to pass the exam

Blog Stats

  • 297,933 hits

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 107 other subscribers

Categories

  • Active Directory (1)
  • Announcements (2)
  • Cloud Security (7)
    • aws (5)
    • Azure (1)
  • Conferences (4)
  • Embedded systems security (2)
    • IoT Pentesting (1)
  • Ethical Hacking (10)
  • General security (11)
  • IT Security Assurance (1)
  • IT Security Audit (2)
  • Metasploit (1)
  • Misc (14)
    • Code Review (1)
  • Mobile security (5)
  • Network security (4)
  • Operating systems (1)
  • Penetration Testing (15)
  • Pentest techniques (21)
  • Web security (10)
Blog at WordPress.com.
  • Follow Following
    • Security Café
    • Join 107 other followers
    • Already have a WordPress.com account? Log in now.
    • Security Café
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar