Cloud Pentesting: Azure (Common test cases in an Azure pentest engagement)
I always try to follow a general methodology when doing Azure Cloud pentest, or any type of pentest for that matter.
Oct 19, 2024 (pinned)

Cloud Pentesting: AWS (Common test cases in an AWS pentest engagement)
Previously, I have created a blog that covers common test cases that I check when doing Azure Pentest which you can find in this link. This…
Jun 11 (pinned)

AWS Pentesting: IAM Privilege Escalation via AttachRolePolicy
In this writeup, we will do a walk through on Cybr’s IAM AttachedRolePolicy PrivEsc lab, which highlights privilege escalation by abusing…
Dec 18, 2024 (pinned)

Understanding LLM08: Excessive Agency in LLM Apps
As LLMs become increasingly integrated into web apps, they are often equipped with a degree of “agency” — the ability to take certain…
Nov 7, 2024 (pinned)

API Pentesting: Common Test Cases
I am creating this blog post to document my top common test cases when doing API pentest.
5d ago

AWS Pentesting: Bruteforcing AWS Management Console
In this short blog, we will cover a test case where we perform a password bruteforcing on the AWS Management Console. In this blog we will…
Jun 14

Azure Pentesting: Pwnedlab’s Azure Blob Container to Initial Access
In this blog post, I’ll guide you through PwnedLab’s “Azure Blob Container to Initial Access” lab with a step-by-step walkthrough.
May 25

Azure Pentesting: Getting a C2 Callback via Azure Run Command
One of the test cases that we do when doing Azure Pentest is to check for possible C2 callback using Azure VM. We can achieve this if our…
May 20