Published inInfoSec Write-upspentesting.cloud part 2: “Is there an echo in here?” AWS CTF walkthroughIn this blog post I’m going to show you a technique of uncovering a CloudFormation values protected by the NoEcho property. In other words…Dec 1, 2022Dec 1, 2022
Published inInfoSec Write-upspentesting.cloud part 1: “Open To The Public” CTF walkthroughRecently I have a very good time playing the pentesting.cloud CTF and in this blog post I want to start a new walkthrough series of IMHO…Nov 3, 2022A response icon1Nov 3, 2022A response icon1
Published inTowards AWSAWS security assessment: what scanners are missing and how threat modeling may help you?There are many tools available today that are designed to automate security checks. For example, here’s a good list of open-source AWS…Oct 24, 2022A response icon2Oct 24, 2022A response icon2
Published inInside the Tech by SoftServeAWS privilege escalation: exploring odd features of the Trust PolicyIn this article I’ll present 2 situations when an adversary can abuse Trust Policy access model and assume a role without (any) permissionsAug 26, 2021A response icon2Aug 26, 2021A response icon2
Published inTowards AWSHow to defend against DNS exfiltration in AWS?TL;DRJul 7, 2021A response icon1Jul 7, 2021A response icon1
AWS and HackerOne CTF write-upRecently, @d0nutpr built an AWS-based CTF on HackerOne platform. The CTF was time-limited (available just for a week⏳), so I guess not all…Apr 19, 2021Apr 19, 2021
How can you benefit by sharing your knowledge?Ending of the year is often good time to do some summary of your current achievements and future goals. My review of 2020 inspired me to…Jan 3, 2021Jan 3, 2021
Published inThe StartupAWS Access Keys Leak in GitHub Repository and Some Improvements in Amazon ReactionAWS access keys leak via public code repository is quite known security problem. So common, that popular version control systems offer for…Nov 19, 2020A response icon1Nov 19, 2020A response icon1
Published inSecuRingServerless (in)securityserverless opens up a number of benefits for us, but we can’t forget about its threats. Even if you “believe” in security of your code, youMar 5, 2020Mar 5, 2020
Passing the AWS Certified Security Speciality examRecently I’ve passed the “AWS Certified Security — Speciality” exam, so I think that’s the best proof that my preparation process was good…Nov 5, 2019A response icon6Nov 5, 2019A response icon6
