Pawel Rzepa

🔥New blog post🔥 "#AWS privilege escalation: exploring odd features of the Trust Policy" a.k.a. how to assume an IAM role without "sts:AssumeRole" permission? rzepsky.medium.com/aws-privilege-…

Denial of wallet attacks are a very real thing 😬I think the official solution to this is to front your S3 bucket with CloudFront. @maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1" target="_blank" rel="nofollow noopener">medium.com/@maciej.pocwie…

AWS CloudShell got container functionality this week. This felt like an opportunity to do a deep(-ish) dive into how CloudShell works under the hood. I extracted some containers and listed some roles. I remembered that I suck at non-sequence diagrams. awsteele.com/blog/2024/01/1…

@Frichette_n @_dirkjan @DrAzureAD @PyroTek3 @kfosaaen @Haus3c @_wald0 @424f424f @Flangvik

Thank you everyone who attended my talk @fwdcloudsec! The slides are here: frichetten.com/fwdcloudsec-20…

Think you are an AWS IAM expert? 🤖 Put on your attacker hat and play our new CTF: The Big IAM Challenge! 🎉 wiz.io/blog/the-big-i…

Today we share our Alibaba Cloud research for the first time, where we gained unauthorized access to other customers' databases in two different services 🚨 This complex research involved RCE, PE, Container escape, K8s lateral movement, and supply chain attack. Check it out 🧵

In addition to the SCP validator (aka linter), AWS also put together a collection of SCPs github.com/aws-samples/se… and has a re:Inforce video from the author of that repo, Swara Gandhi youtube.com/watch?v=KFphCn…

This is an excellent writeup by Sylwia Budzynska on the fundamentals of static analysis, especially the practical graph theory background of the tools. It's important to understand how they work! github.blog/2023-03-31-cod…

#CodeQL zero to hero part 1: the fundamentals of #static #analysis for #vulnerability #research github.blog/2023-03-31-cod…

I hacked into a @Bing CMS that allowed me to alter search results and take over millions of @Office365 accounts. How did I do it? Well, it all started with a simple click in @Azure… 👀 This is the story of #BingBang 🧵⬇️

@rchrdbyd @benbridts @iann0036 @shmick @awscloud Love this hack 😍

@benbridts @iann0036 @shmick @awscloud same. generate 10 and keep only the ones that start with a leading 0. This way you always know which accounts are "real" just by looking at the ID and you teach your teams to properly string-encode account IDs

@Voulnet Well, eventually it doesn't matter if it was basic or sophisticated when it works. For me it's a good real case example of a need to care about layered security and not just about perimeter. I can see too often such misconfigs in the wild. Hopefully it'll be a trigger for changes

@Rzepsky Kudos to them for the write up but I felt it was too basic for a cloud based attack. Pwn app, abuse instance Metadata v1, find juicy cred and use it to find stuff in other plaintext services.

Interesting real-life cyber attack with a good kill chain analysis. It uncovers the all-too-common mistakes that lead to data theft, including hardcoded secrets and overlooked least privilege principles. Worth reading article 👇

New cloud security research! We found a method to bypass CloudTrail logging for both read AND write API actions in AWS Service Catalog! In addition, we also reported an issue with a lack of CloudTrail logging in AWS Control Tower. securitylabs.datadoghq.com/articles/bypas…

@lancinimarco @CloudSecList Thank you @lancinimarco for regular providing such great content🙏

WOW! 🎉 We just hit 10K active subscribers on @CloudSecList – thanks for being part of our incredible community. If you are not on it yet, you can subscribe at: cloudseclist.com

My talk "What I Wish I Knew Before Pentesting AWS Environments" for SANS Pen Test Hackfest 2022 is now on YouTube! Check it out if you're interested in learning more ways to attack AWS environments. youtube.com/watch?v=jq8SAF…

Found a cool CloudFormation StackSet feature that didn't get an announcement blogpost (yet?): At this point it still seems very limited, but hopefully it will get more features over time docs.aws.amazon.com/AWSCloudFormat…

📜 Trying to get better at putting out rougher work! To that end, I'm starting to externalize some of my internal knowledge hub - starting with an enumeration of Lambda risks. Let me know what I'm missing! ramimac.github.io/wiki/lambda-ri…

This was cool to read :) Thanks @Rzepsky ! rzepsky.medium.com/aws-and-hacker…

This will be a little chaotic. Different IAM privileges depending on when your account was created and they are retiring some privileges.