Extracting Data From S3 As The Attacker
Our previous blog post discussed securing S3 buckets (you can find it here), but how might you steal data from those S3 buckets if you were an attacker? This blog post will explore some...
Tagged: Security
AWS IAM Policies – Customer Managed VS AWS Managed. Which is better?
An AWS policy is a JSON document that defines a user role, or service’s permissions. AWS provides a bunch of pre-configured policies, otherwise known as AWS-managed policies. Alternatively, you can create your own, which...
AWS Elastic Disaster Recovery Service. Is it Safe?
Elastic Disaster Recovery Service (DRS) is a disaster recovery service provided within AWS that allows you to “recover” from disasters both on-premiss and in the cloud. But, how does it actually work and is...
How Do We Secure AWS Organizations?
AWS Organizations allows you to manage multiple accounts under one management account, but how do we ensure they are secure? Creating A New “child” Account. Log in to the console of the account you...
Finally Announcing secwiki.cloud!
Hello everyone, its been quite some time since I’ve made a blog post… and there has been a good reason for that. I’ve been working on a lot of projects recently, and hopefully, some...
Why IAM:PassRole Can Be Dangerous If Not Configured Correctly
What happens when IAM:PassRole is not configured correctly? A quick demo of an IAM:PassRole attack.