© 2023 Hashnode
#misconfigurations
Introduction Penetration testing is an essential part of cybersecurity, helping organizations identify and address potential security vulnerabilities before they can be exploited by malicious actors. …
AWS S3 Determine if a site is hosted as an S3 bucket. Whatever IP is returned will redirect you to AWS S3 landing page. dig +nocmd <domain name> any +multiline +noall +answer A reverse lookup sho…
AWS IAM Identity and Access Management (IAM) is an AWS service that helps to provide access control to AWS resources. IAM should and is used to control authentication and authorization. AWS IAM can be…
Active Directory Active Directory is a directory service used by organizations to store information about their users, computers, and other network resources. It's used primarily to provide a secure w…
Summary The challenge started with the web page accepting cmd parameter with only env command input. The output of the environment included AWS_ACCOUNT_ID and AWS_ROLE. After obtaining the credentials…
Summary The challenge started with the description along with the Terraform state file. This challenge involved the misconfiguration within the AWS policy allowing any AWS account to perform multiple …
Recently, security researcher Max Kellermann discovered a critical vulnerability in the Linux kernel that has been affecting all versions since 5.8, including Android devices. This vulnerability, dubb…
