The are many resources out there that tap into the subject of Kubernetes Pentesting or Configuration Review, however, they usually detail specific topics and misconfigurations
Category: Cloud Security
Our DefCamp 2022 talks are here!
Both presentations we held this year at DefCamp are now available online (recordings and slides). DefCamp is one of the largest and most important cybersecurity
AWS ssm:SendCommand or network agnostic built-in RCE as root
Post-exploitation in cloud can be fun and easy if you have the right permissions. There is no other permission that I would rather have than
AWS Enumeration – Part II (Practical enumeration)
We hackers love cheat sheets so here are mine for AWS IAM, EC2, S3 Buckets and Lambda Functions. In Part I we showed what approaches
AWS Enumeration – Part I (Where to start, Approaches and Tools)
This article is covering multiple ways to enumerate the resources within an AWS environment. We’ll explain how to perform enumeration, what you should look for,
Pentesting Azure: RECON Techniques
Even though Microsoft Azure is the second largest cloud solution after Amazon Web Services (AWS) from a market share perspective, it should be noted that
Security Café 