[Pinned] AWS Pentesting: IAM Privilege Escalation via AttachRolePolicy
In this writeup, we will do a walkthrough of Cybr's IAM AttachedRolePolicy PrivEsc lab, which highlights privilege escalation by abusing…
Dec 18, 2024

[Pinned] Understanding LLM08: Excessive Agency in LLM Apps
As LLMs become increasingly integrated into web apps, they are often equipped with a degree of "agency", the ability to take certain…
Nov 7, 2024

[Pinned] Cloud Pentesting: Azure (Common test cases in an Azure pentest engagement)
I always try to follow a general methodology when doing an Azure cloud pentest, or any type of pentest for that matter.
Oct 19, 2024

Understanding LLM01:2025 Prompt Injection
In this blog, we'll explore Prompt Injection, which is ranked as the top vulnerability in OWASP's 2025 Top 10 risks for LLMs. We'll cover…
6d ago

Azure Pentesting: Storage Account 06 - Access Key (Blob Access) lab
This simple walkthrough demonstrates how to access a blob if you know the storage account name and its key. We are going to use…
Feb 12

Web App Pentesting: Test cases on JWT
JWT is commonly used in modern web applications. If the app is using JWT, below are the possible test cases we can perform during…
Feb 9

Web App Pentesting: Test cases for File Upload
If an app has file upload functionality, we can perform different test cases on this function. One of the things to check is the…
Feb 5

AWS Pentesting: Abusing overly permissive SQS Queue
In this blog, I have set up another custom environment (again drawing inspiration from the previous courses that I recently took) to demo a…
Jan 28

AWS Pentesting: Abusing ec2:RunInstances & iam:PassRole permissions
I have published another blog using a custom lab to showcase how to leverage the ec2:RunInstances & iam:PassRole permissions in the pentest…
Jan 27

AWS Pentesting: Abusing lambda:CreateFunction, lambda:InvokeFunction & iam:PassRole permissions
Inspired by one of the AWS pentest courses that I recently took, I decided to spin up my own custom environment to showcase how to abuse…
Jan 19