If you’re new to Ghostwriter, start with this blog post to understand the project’s goals: https://posts.specterops.io/introducing-ghostwriter-part-1-61e7bd014aff
For those of you lacking the desire or the attention span to read another blog post, here’s the gist:
For the past couple months, a few of us at SpecterOps have focused on updating Ghostwriter to improve usability, enhance reporting, and enable the project…
Given proper trust relationships, a role assumed with temporary credentials can be preserved indefinitely and give an attacker persistent access to an AWS environment by role chaining in a cyclical pattern.
On a recent red-team engagement, one of our objectives was to test the client AWS security posture and gain access to any/all AWS accounts. After a few weeks of pursuing other objectives, we were able to obtain STS credentials for federated users that were being written to a publicly accessible log whenever the STS credentials were being requested. This included the access key, secret key, and session token. Gaining…
software engineer / optimist / tiki drink enthusiast