Back to directory
WRITEUP #2670

How I Found a company’s internal S3 Bucket with 41k Files

CloudAWS misconfiguration
by@KoyalwarTarun(Tarun Koyalwar)
Bounty
250
Program
-
Published
May 24, 2022
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://infosecwriteups.com/how-i-found-a-companys-internal-s3-bucket-with-41k-files-94b453e588b5
RELATED WRITEUPS
The Hunt for ALBeast: A Technical Walkthrough
CloudAWS ALB
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
CloudOIDC
Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD
CloudPrivilege escalation
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
CloudRCE
UnOAuthorized: Privilege Elevation Through Microsoft Applications
CloudPrivilege escalation

Built with ❤️ by Shubham Rawat