Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/ Capturing Exposed AWS Keys During Dynamic Web Application Tests https://www.praetorian.com/blog/capturing-exposed-aws-keys-during-dynamic-web-application-tests/ AWS Network Firewall egress filtering can be easily bypassed https://canglad.com/blog/2023/aws-network-firewall-egress-filtering-can-be-easily-bypassed/
Tag: aws
AWS Notes – AWS Pentesting
An Opinionated Ramp Up Guide to AWS Pentesting https://awssecuritydigest.com/articles/opinionated-ramp-up-guide-to-aws-pentesting https://medium.com/@MorattiSec/my-aws-pentest-methodology-14c333b7fb58 Understanding the Shared Responsibility Model https://www.wiz.io/academy/shared-responsibility-model fwd:cloudsec https://fwdcloudsec.org/ AWS Customer Support Policy for Penetration Testing https://aws.amazon.com/security/penetration-testing/ Also, read this and follow the AWS pentesting rules. Cloud Tests One is a review of the external facing posture, which you can consider adjacent to a traditional External Read More …