Pawel Rzepa in InfoSec Write-ups
pentesting.cloud part 2: “Is there an echo in here?” AWS CTF walkthrough
In this blog post I’m going to show you a technique of uncovering CloudFormation values protected by the NoEcho property. In other words…
Dec 1, 2022

Pawel Rzepa in InfoSec Write-ups
pentesting.cloud part 1: “Open To The Public” CTF walkthrough
Recently I had a very good time playing the pentesting.cloud CTF and in this blog post I want to start a new walkthrough series of IMHO…
Nov 3, 2022

Pawel Rzepa in Towards AWS
AWS security assessment: what scanners are missing and how threat modeling may help you?
There are many tools available today that are designed to automate security checks. For example, here’s a good list of open-source AWS…
Oct 24, 2022

Pawel Rzepa in Inside the Tech by SoftServe
AWS privilege escalation: exploring odd features of the Trust Policy
In this article I’ll present 2 situations when an adversary can abuse the Trust Policy access model and assume a role without (any) permissions
Aug 26, 2021

Pawel Rzepa
AWS and HackerOne CTF write-up
Recently, @d0nutpr built an AWS-based CTF on the HackerOne platform. The CTF was time-limited (available just for a week⏳), so I guess not all…
Apr 19, 2021

Pawel Rzepa
How can you benefit by sharing your knowledge?
The end of the year is often a good time to do some summary of your current achievements and future goals. My review of 2020 inspired me to…
Jan 3, 2021

Pawel Rzepa in The Startup
AWS Access Keys Leak in GitHub Repository and Some Improvements in Amazon Reaction
AWS access keys leak via public code repository is quite a known security problem. So common that popular version control systems offer for…
Nov 19, 2020

Pawel Rzepa in SecuRing
Serverless (in)security
Serverless opens up a number of benefits for us, but we can’t forget about its threats. Even if you “believe” in the security of your code, you
Mar 5, 2020

Pawel Rzepa
Passing the AWS Certified Security Speciality exam
Recently I’ve passed the “AWS Certified Security — Speciality” exam, so I think that’s the best proof that my preparation process was good…
Nov 5, 2019