A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances. In
Mobile Pentesting 101 – How to set up your Android Environment
This article gives an idea about how your Android pentesting environment should look like. What tools should I use? Do I really need a physical device? Do I need a rooted device to pentest an application?
EC2StepShell: A Tool for Getting Reverse Shells on Instances with Network Restrictions
A tool for getting reverse shells in EC2 instances where network communication to your host is restricted. In my last article, AWS ssm:SendCommand or network
A Complete Kubernetes Config Review Methodology
The are many resources out there that tap into the subject of Kubernetes Pentesting or Configuration Review, however, they usually detail specific topics and misconfigurations
Our DefCamp 2022 talks are here!
Both presentations we held this year at DefCamp are now available online (recordings and slides). DefCamp is one of the largest and most important cybersecurity
AWS ssm:SendCommand or network agnostic built-in RCE as root
Post-exploitation in cloud can be fun and easy if you have the right permissions. There is no other permission that I would rather have than
Security Café 