Recently I have a very good time playing the pentesting.cloud CTF and in this blog post I want to start a new walkthrough series of IMHO the most interesting challenges. I’ll start from the hard challenge named “Open To The Public”. Let’s get it started! This challenge doesn’t require any setup and at the…

There are many tools available today that are designed to automate security checks. For example, here’s a good list of open-source AWS security tools, not even mentioning commercial ones. But IMHO some people rely too much on tools, as if conducting an AWS security assessment is the same as formatting…

IAM roles are commonly used, for example, to grant access to AWS service, account, or federated identity. Each role has a document associated with it, which is called a Trust Policy. This document specifies who can assume the role and under what conditions it’s allowed or denied. The Trust Policy…

TL;DR - VPCs by default use the Amazon-provided DNS which can be used to bypass some network-level protection mechanisms (e.g. NACLs or SGs) or monitoring (e.g. VPC Flow Logs). - Recently a new service has been released: the Route 53 Resolver DNS Firewall which allows for blocking and monitoring DNS queries to…

Recently, @d0nutptr built an AWS-based CTF on HackerOne platform. The CTF was time-limited (available just for a week⏳), so I guess not all interested people had a chance to play with it. Furthermore, it’s still quite rare to see a CTF mixing AWS and web security skills. …

Ending of the year is often good time to do some summary of your current achievements and future goals. My review of 2020 inspired me to make something unusual — to create non-technical blog post about sharing knowledge. No matter how naive it sounds, a decision to start sharing my…

AWS access keys leak via public code repository is a quite known security problem. So common, that popular version control systems offer for free a dedicated service, which looks for hardcoded secrets. Specifically, I refer here to GitHub secret scanning service. Without a doubt, it’s awesome that such a service…

TL;DR Most of vulnerabilities existing in traditional applications can also appear in serverless applications. The most common ones are described in OWASP Serverless Top 10. There are also threats which are specific to serverless, like event injection or overwriting the code stored in S3 bucket. It’s quite common, that Lambda’s execution…

Recently I’ve passed the “AWS Certified Security — Speciality” exam, so I think that’s the best proof that my preparation process was good enough. In this post I want to share my path to pass the “AWS Certified Security — Speciality” exam, including sharing all my notes which I made…