Published in SecuRing·Mar 7, 2022Setting up your AWS Monitoring — Security tipsAWS offers many services for different tasks, sometimes it even looks like multiple solutions try to solve the same problem. Choosing the right one could be challenging — that’s why I thought up about writing this article. …AWS14 min readAWS14 min read
Published in SecuRing·Aug 19, 2021Top 7 AWS security vulnerabilities based on real-world testsImagine you ordered a security assessment of your AWS infrastructure, hoping that the report would be juicy in wicked hacking techniques. However, the document starts with things like “Lack of MFA for users” or “Lack of Log File Validation”. These security misconfigurations might sound a little disappointing right? …AWS6 min readAWS6 min read
May 4, 2021Buggy Doggo CTF — Python memory leak FTW!Last Saturday I received a message from my acquaintance — James Santiago — about a CTF hosted by BugPoc and NahamSec, sponsored by Amazon. I thought there would be a challenge connected with AWS security, but oh… the task surprised me and really got me hooked! So if you want…Ctf7 min readCtf7 min read
Published in SecuRing·Apr 29, 2021What can you find in 57K AWS S3 buckets? 2021 updateAlmost 3 years have passed since my friend — Paweł Rzepa — did a research about open S3 buckets. The situation did not look good then, but maybe the topic of cloud security was not as widely publicized as it is today. …AWS9 min readAWS9 min read
Apr 18, 2021Hacking AWS: HackerOne & AWS CTF 2021 writeupPeople interested in AWS Security probably know projects like CloudGoat, flaws and flaws2.cloud — but I was lacking something new — and here came HackerOne CTF! Last week between 5 and 12 April they organised a CTF together with AWS — and it was a brilliant experience! If you are…AWS8 min readAWS8 min read
