Back to directory
WRITEUP #165

Capturing Exposed AWS Keys During Dynamic Web Application Tests

CloudBroken authorization
by@ZatezaloAleksa(Aleksa Zatezalo)
Program
-
Published
Jul 18, 2024
Added to HackDex
Jul 30, 2024
Read Full Writeuphttps://www.praetorian.com/blog/capturing-exposed-aws-keys-during-dynamic-web-application-tests/
RELATED WRITEUPS
CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)
RCEForced browsing
The Hunt for ALBeast: A Technical Walkthrough
CloudAWS ALB
How 1 Exposed Honeywell API Gave us Control Over an Internal Engineering System
ReconMissing authentication
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation

Built with ❤️ by Shubham Rawat