Whether you are in charge of deciding what Cloud solution to choose for your organization or you are a Security Professional trying to decide what
Category: aws
AWS CloudQuarry: Digging for Secrets in Public AMIs
Money, secrets and mass exploitation: This research unveils a quarry of sensitive data stored in public AMIs. Digging through each AMI we managed to collect
IAMActionHunter in action
Let’s take a look at the latest cloud tool published by Rhino Security Labs: IAMActionHunter. Here I will detail the practical approach I took during
7 lesser-known AWS SSM Document techniques for code execution
A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances. In
EC2StepShell: A Tool for Getting Reverse Shells on Instances with Network Restrictions
A tool for getting reverse shells in EC2 instances where network communication to your host is restricted. In my last article, AWS ssm:SendCommand or network
Our DefCamp 2022 talks are here!
Both presentations we held this year at DefCamp are now available online (recordings and slides). DefCamp is one of the largest and most important cybersecurity
Security Café 