Read First:

If you’re new to Ghostwriter, start with this blog post to understand the project’s goals: https://posts.specterops.io/introducing-ghostwriter-part-1-61e7bd014aff

For those of you lacking the desire or the attention span to read another blog post, here’s the gist:

  • Ghostwriter can keep track of clients, projects, findings, and infrastructure.
  • Ghostwriter automates routine assessment reporting tasks allowing operators to focus their time on analysis and custom content creation rather than formatting.

Intro

For the past couple months, a few of us at SpecterOps have focused on updating Ghostwriter to improve usability, enhance reporting, and enable the project…


TLDR:

Given proper trust relationships, a role assumed with temporary credentials can be preserved indefinitely and give an attacker persistent access to an AWS environment by role chaining in a cyclical pattern.

Read first:

Drink first:

Intro

On a recent red-team engagement, one of our objectives was to test the client AWS security posture and gain access to any/all AWS accounts. After a few weeks of pursuing other objectives, we were able to obtain STS credentials for federated users that were being written to a publicly accessible log whenever the STS credentials were being requested. This included the access key, secret key, and session token. Gaining…

hotnops

software engineer / optimist / tiki drink enthusiast

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store