After the initial investigation entitled “AWS CloudQuarry: Digging for secrets in Public AMIs” was finalized, we continued with the same idea on Azure in order
Tag: cloud
AWS CloudQuarry: Digging for Secrets in Public AMIs
Money, secrets and mass exploitation: This research unveils a quarry of sensitive data stored in public AMIs. Digging through each AMI we managed to collect
7 lesser-known AWS SSM Document techniques for code execution
A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances. In
AWS ssm:SendCommand or network agnostic built-in RCE as root
Post-exploitation in cloud can be fun and easy if you have the right permissions. There is no other permission that I would rather have than
Certified Hybrid Multi-Cloud Red Team Specialist – Review and Tips
You might not be familiar with this one, but it is a certification offered by Cyberwarfare Labs that is focusing on exploiting infrastructures that combine
Security Café 