Skip to content

Security Café

Security Research and Services

  • Things we do on a daily basis
    • Web Application Penetration Testing
    • Mobile Application Penetration Testing
    • Infrastructure Penetration Testing
    • Vulnerability Assessment
  • Contact
  • About

Tag: post exploitation

7 lesser-known AWS SSM Document techniques for code execution

April 19, 2023 Eduard Agavriloae

A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances. In

Continue reading

EC2StepShell: A Tool for Getting Reverse Shells on Instances with Network Restrictions

March 8, 2023 Eduard Agavriloae

A tool for getting reverse shells in EC2 instances where network communication to your host is restricted. In my last article, AWS ssm:SendCommand or network

Continue reading

AWS ssm:SendCommand or network agnostic built-in RCE as root

January 17, 2023 Eduard Agavriloae

Post-exploitation in cloud can be fun and easy if you have the right permissions. There is no other permission that I would rather have than

Continue reading

Pivoting to internal network via non-interactive shell

August 6, 2015 Adrian Furtuna

During a recent penetration test we have experienced the situation where we’ve gained remote code execution with limited privileges to a web server and had

Continue reading

Top Posts

  • Root detection and SSL pinning bypass
  • Mobile Pentesting 101 - Bypassing Biometric Authentication
  • Mobile Pentesting 101 - How to set up your Android Environment
  • Introduction to AI Prompt Injections (Jailbreak CTFs)
  • Practical JSONP Injection

Blog Stats

  • 314,041 hits

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 119 other subscribers

Categories

  • Active Directory (2)
  • Announcements (2)
  • Cloud Security (8)
    • aws (6)
    • Azure (1)
  • Conferences (4)
  • Embedded systems security (2)
    • IoT Pentesting (1)
  • Ethical Hacking (11)
  • General security (11)
  • IT Security Assurance (1)
  • IT Security Audit (2)
  • Metasploit (1)
  • Misc (15)
    • Artificial Intelligence (1)
    • Code Review (1)
  • Mobile security (6)
  • Network security (4)
  • Operating systems (1)
  • Penetration Testing (17)
  • Pentest techniques (24)
  • Web security (10)
Blog at WordPress.com.
  • Follow Following
    • Security Café
    • Join 119 other followers
    • Already have a WordPress.com account? Log in now.
    • Security Café
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar
 

Loading Comments...