Dangling Domains

by | Oct 18, 2020 | AWS tools, Azure tools, Blog, Cloud, Herramientas / tools

Dangling Domains in AWS script for exploitation This was written by dafthack/aws-dangling-domain-discovery-tool.sh but was not working because BING updated its endpoints. Also I added some enhacements to the code. Like the last commented line, with that you can...

HoneyTokens AWS y Azure

by | Oct 17, 2020 | AWS tools, Azure tools, Blog, Cloud, Herramientas / tools

AWS Honeytokens, closely related to honeypots, are ‘tripwires’ that you leave on machines and data stores as early warning indications of a breach. Using AWS IAM access keys, we can create nearly limitless honeytokens for attackers to stumble upon – and it’s...

flAWS 2. Capture the flag de AWS en Español

by | Aug 23, 2020 | AWS tools, Blog, Cloud

flAWS2 es un capture de flag para enseñar problemas que son específicos de AWS. Hay un flaws1 Link -> http://flaws.cloud/ flaws2 Link -> http://level1.flaws2.cloud/ Nivel 1 Podemos ver que debes mandar un pin code. Pero si mandas una letra se genera un error:...

flAWS. Capture the flag de AWS en Español

by | Aug 22, 2020 | AWS tools, Blog, Cloud

flAWS es un capture de flag para enseñar problemas que son específicos de AWS. Link -> http://flaws.cloud/ Nivel 1 Notas: los nombres de S3 son únicos y deben estar acorde al dominio. Se pueden tener sitios estáticos muy eficientes en S3 con cloud. La lógica...

IAM audits AWS

by | Aug 21, 2020 | AWS tools, Cloud, Herramientas / tools

Hay dos herramientas interesantes para checar tu AIM ussage Repokid uses Access Advisor provided by Aardvark to remove permissions granting access to unused services from the inline policies of IAM roles in an AWS account. https://github.com/Netflix/repokid y...

Network mapping AWS

by | Aug 20, 2020 | AWS tools, Cloud, Herramientas / tools

Hace poco trabajé con un cliente y su pregunta principal era si podíamos atacar su nube desde fuera. Yo siempre pensado que lo más importante es tener una buena configuración y visualización de la misma. Es por eso que esta vez voy a hablar de como hacer mapas de tu...

IP a CloudService Script

by | Aug 15, 2020 | AWS tools, Azure tools, Herramientas / tools

Check which cloud provider is hosting a particular IP address. Some providers will also have service and region listed Resolves an IP address to the cloud provider it is hosted on https://github.com/oldrho/ip2provider 15 forks. 83 stars. 5 open issues. Recent commits:...

Pacu, Metasploit para AWS

by | Jul 4, 2020 | AWS tools, Blog, Cloud, Herramientas / tools

Pacu is an open source AWS exploitation framework, designed for offensive security testing against cloud environments. Pacu allows penetration testers to exploit configuration flaws within an AWS account, using modules to easily expand its functionality. Current...

IP rotation attacks in Cloud

by | Jul 1, 2020 | AWS tools, Blog, Cloud, Herramientas / tools

FireProx Being able to hide or continually rotate the source IP address when making web calls can be difficult or expensive. A number of tools have existed for some time but they were either limited with the number of IP addresses, were expensive, or required...

Prowler: AWS CIS Benchmark Tool

by | May 5, 2020 | AWS tools, Blog, Cloud, Herramientas / tools

Prowler is a command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has 40 additional checks including related to GDPR...