Securing Service Principals
How Entra ID App Registrations / Enterprise Applications are comonly misconfigured and can be used by attackers to elevate privileges, access sensitive information and move laterally across Azure tenancies.
Showing only posts tagged pentesting. Show all posts.
Snotra Kubernetes
Snotra now supports kubernetes!
AxeOS CSRF Vulnerability
Using CSRF Attack to update the Payout Address on BitAxe Bitcoin Miners
Pillaging Data from Private AWS Subnets
Exploiting overly permissive VPC endpoints to exfiltrate data from private AWS subnets
Penetration Testing Training Labs
Labs to learn penetration testing and offensive security
Penetration Test Reports and Vulnerability Aggregation
Penetration test reports, aggregating findings and thinking more deeply.
AWS and GitHub OIDC Cross Account Roles
AWS and overly permissive GitHub OIDC cross-account role trust policies