AWS Pentesting: IAM Privilege Escalation via AttachRolePolicy - In this writeup, we will do a walkthrough on Cybr’s IAM AttachedRolePolicy PrivEsc lab, which highlights privilege escalation by abusing… (4d ago)
Understanding LLM08: Excessive Agency in LLM Apps - As LLMs become increasingly integrated into web apps, they are often equipped with a degree of “agency” — the ability to take certain… (Nov 7)
Cloud Pentesting: Azure (Common test cases in an Azure pentest engagement) - I always try to follow a general methodology when doing an Azure Cloud pentest, or any type of pentest for that matter. (Oct 19)
AWS Pentesting: IAM Privilege Escalation via iam:PutGroupPolicy - In this writeup, we will do another walkthrough on Cybr’s IAM PutGroupPolicy PrivEsc lab, which highlights privilege escalation by abusing… (7h ago)
AWS Pentesting: IAM Privilege Escalation via iam:PutRolePolicy - In this writeup, we will do a walkthrough on Cybr’s IAM PutRolePolicy PrivEsc lab, which highlights privilege escalation by abusing the… (1d ago)
AWS Pentesting: Assume Privileged Role with External ID - In this blog, we will do a walkthrough on Pwnedlab’s “Assume Privileged Role with External ID” lab. (Dec 1)
AWS Pentesting: S3 Bucket Recon - AWS S3 is one of the most popular storage solutions, but it’s also a common misconfiguration target that can lead to critical data… (Nov 25)
AWS Pentesting: EC2 User Data - In this blog, we will do a walkthrough on Pwnedlab’s “Command Injection to EC2 User Data Privilege Escalation” lab. (Nov 23)
AWS Pentesting: CloudGoat’s vulnerable_cognito - This blog is a walkthrough of the CloudGoat Vulnerable Cognito Lab, documenting my hands-on experience and serving as a personal checklist… (Nov 22)
AWS Pentesting: IAM Privilege Escalation via Rollback Policy - When conducting AWS penetration tests, one of the key privilege escalation paths I always check for is the ability to manipulate IAM policy… (Nov 16)