PinnedAWS Pentesting: IAM Privilege Escalation via AttachRolePolicyIn this writeup, we will do a walk through on Cybr’s IAM AttachedRolePolicy PrivEsc lab, which highlights privilege escalation by abusing…Dec 18, 2024Dec 18, 2024
PinnedUnderstanding LLM08: Excessive Agency in LLM AppsAs LLMs become increasingly integrated into web apps, they are often equipped with a degree of “agency” — the ability to take certain…Nov 7, 2024Nov 7, 2024
PinnedCloud Pentesting: Azure (Common test cases in an Azure pentest engagement )I always try to follow a general methodology when doing Azure Cloud pentest, or any type of pentest for that matter.Oct 19, 2024Oct 19, 2024
AWS Pentesting: Abusing lambda:CreateFunction, lambda:InvokeFunction & iam:PassRole permissionsInspired by one of the AWS pentest courses that I recently took, I decided to spin up my own custom environment to showcase how to abuse…3d ago3d ago
AWS Pentesting: Abusing STS sts:GetFederationToken permissionIn this lab, I have set up a custom environment where an IAM user has permission to sts:GetFederationToken. The idea is that there might be…5d ago5d ago
AWS Pentesting: Reverse shell using Sliver C2 by abusing SSMIn this blog, we will show how to get a reverse shell or a callback from an EC2 instance with the use of ssm:SendCommand permission or…Jan 14Jan 14
AWS Pentesting: Attacking SNS using PacuIn this blog, we will do a walkthrough on how to abuse an overly permissive SNS using Pacu.Jan 13Jan 13
