Published in InfoSec Write-ups·Dec 1, 2022pentesting.cloud part 2: “Is there an echo in here?” AWS CTF walkthroughIn this blog post I’m going to show you a technique of uncovering a CloudFormation values protected by the NoEcho property. In other words, you gonna learn how to display secrets from already deployed CloudFormation stacks, hidden behind ****. This is the walkthroug of the “Is there an echo in…AWS6 min readAWS6 min read
Published in InfoSec Write-ups·Nov 3, 2022pentesting.cloud part 1: “Open To The Public” CTF walkthroughRecently I have a very good time playing the pentesting.cloud CTF and in this blog post I want to start a new walkthrough series of IMHO the most interesting challenges. I’ll start from the hard challenge named “Open To The Public”. Let’s get it started! This challenge doesn’t require any setup and at the…AWS6 min readAWS6 min read
Published in Towards AWS·Oct 24, 2022AWS security assessment: what scanners are missing and how threat modeling may help you?There are many tools available today that are designed to automate security checks. For example, here’s a good list of open-source AWS security tools, not even mentioning commercial ones. But IMHO some people rely too much on tools, as if conducting an AWS security assessment is the same as formatting…AWS6 min readAWS6 min read
Published in Inside the Tech by SoftServe·Aug 26, 2021AWS privilege escalation: exploring odd features of the Trust PolicyIAM roles are commonly used, for example, to grant access to AWS service, account, or federated identity. Each role has a document associated with it, which is called a Trust Policy. This document specifies who can assume the role and under what conditions it’s allowed or denied. The Trust Policy…AWS4 min readAWS4 min read
Published in Towards AWS·Jul 7, 2021How to defend against DNS exfiltration in AWS?TL;DR - VPCs by default use the Amazon-provided DNS which can be used to bypass some network-level protection mechanisms (e.g. NACLs or SGs) or monitoring (e.g. VPC Flow Logs). - Recently a new service has been released: the Route 53 Resolver DNS Firewall which allows for blocking and monitoring DNS queries to…AWS6 min readAWS6 min read
Apr 19, 2021AWS and HackerOne CTF write-upRecently, @d0nutptr built an AWS-based CTF on HackerOne platform. The CTF was time-limited (available just for a week⏳), so I guess not all interested people had a chance to play with it. Furthermore, it’s still quite rare to see a CTF mixing AWS and web security skills. …AWS7 min readAWS7 min read
Jan 3, 2021How can you benefit by sharing your knowledge?Ending of the year is often good time to do some summary of your current achievements and future goals. My review of 2020 inspired me to make something unusual — to create non-technical blog post about sharing knowledge. No matter how naive it sounds, a decision to start sharing my…Self Improvement4 min readSelf Improvement4 min read
Published in The Startup·Nov 19, 2020AWS Access Keys Leak in GitHub Repository and Some Improvements in Amazon ReactionAWS access keys leak via public code repository is a quite known security problem. So common, that popular version control systems offer for free a dedicated service, which looks for hardcoded secrets. Specifically, I refer here to GitHub secret scanning service. Without a doubt, it’s awesome that such a service…AWS5 min readAWS5 min read
Published in SecuRing·Mar 5, 2020Serverless (in)securityTL;DR Most of vulnerabilities existing in traditional applications can also appear in serverless applications. The most common ones are described in OWASP Serverless Top 10. There are also threats which are specific to serverless, like event injection or overwriting the code stored in S3 bucket. It’s quite common, that Lambda’s execution…Serverless6 min readServerless6 min read
Nov 5, 2019Passing the AWS Certified Security-Speciality examRecently I’ve passed the “AWS Certified Security — Speciality” exam, so I think that’s the best proof that my preparation process was good enough. In this post I want to share my path to pass the “AWS Certified Security — Speciality” exam, including sharing all my notes which I made…AWS4 min readAWS4 min read
