Pawel Rzepa in InfoSec Write-ups
pentesting.cloud part 2: “Is there an echo in here?” AWS CTF walkthrough
In this blog post I’m going to show you a technique of uncovering CloudFormation values protected by the NoEcho property. In other words…
6 min read · Dec 1, 2022

Pawel Rzepa in InfoSec Write-ups
pentesting.cloud part 1: “Open To The Public” CTF walkthrough
Recently I had a very good time playing the pentesting.cloud CTF and in this blog post I want to start a new walkthrough series of IMHO…
6 min read · Nov 3, 2022

Pawel Rzepa in Towards AWS
AWS security assessment: what scanners are missing and how threat modeling may help you?
There are many tools available today that are designed to automate security checks. For example, here’s a good list of open-source AWS…
6 min read · Oct 24, 2022

Pawel Rzepa in Inside the Tech by SoftServe
AWS privilege escalation: exploring odd features of the Trust Policy
In this article I’ll present 2 situations when an adversary can abuse the Trust Policy access model and assume a role without (any) permissions
4 min read · Aug 26, 2021

Pawel Rzepa in Towards AWS
How to defend against DNS exfiltration in AWS?
TL;DR
6 min read · Jul 7, 2021

Pawel Rzepa
AWS and HackerOne CTF write-up
Recently, @d0nutpr built an AWS-based CTF on the HackerOne platform. The CTF was time-limited (available just for a week⏳), so I guess not all…
7 min read · Apr 19, 2021

Pawel Rzepa
How can you benefit by sharing your knowledge?
The end of the year is often a good time to do some summary of your current achievements and future goals. My review of 2020 inspired me to…
4 min read · Jan 3, 2021

Pawel Rzepa in The Startup
AWS Access Keys Leak in GitHub Repository and Some Improvements in Amazon Reaction
AWS access keys leak via public code repository is quite a known security problem. So common that popular version control systems offer for…
5 min read · Nov 19, 2020

Pawel Rzepa in SecuRing
Serverless (in)security
Serverless opens up a number of benefits for us, but we can’t forget about its threats. Even if you “believe” in the security of your code, you
6 min read · Mar 5, 2020

Pawel Rzepa
Passing the AWS Certified Security Speciality exam
Recently I’ve passed the “AWS Certified Security — Speciality” exam, so I think that’s the best proof that my preparation process was good…
4 min read · Nov 5, 2019