Introduction Edge is a new reconnaissance tool with a unique capability of mapping IP addresses to their cloud providers. It can tell you the data center and service an IP address is hosted with. It automatically downloads all three cloud…
Anyone can learn to do technology “hacking”, and this post will walk you through an open source example that you can implement on your own. When you think of the term “hacker”, what image does it evoke? Do you think…
Information disclosure is a type of vulnerability in which a system inadvertently exposes confidential information. This post walks through an example of this flaw by looking at how environment variables can be misunderstood and misused in web applications. This post…
AriaCloud is Docker container built for remote pentesting. From its Github home: Aria Cloud is a Docker Container ideal for remote pentesting over SSH or RDP, with a primary emphasis on cloud security tools and secondary on Active Directory tools.…
Introduction: Creating Yet Another Fun Payload to Bypass Something Rather than focusing on a novel LOLBAS payload that triggers from a system and bypasses an endpoint security solution, I’ll show you an alternative method that can provide a deeper understanding…
Overview Research shows there is a Cybersecurity skills shortage that is growing worse (Oltsik, 2020). Sadly, we’ve grown accustomed to hearing news of companies falling victim to data breaches. The time is now for us to get better at defense.…
Overview Attacking Identity Systems is an attack vector growing in visibility. Look no further than the Golden SAML tactic [1] used in the SolarWinds campaign. We are seeing an explosion of Cyber Security tools [2, 3], techniques [4, 5], and…
Introduction PurpleCloud is an open-source Azure Cyber Range that can be used to quickly setup an Azure AD security lab filled with Azure resources. These resources enable a quick and safe way to test, evaluate, and understand Service Principal abuse…
Cloud Edge Summary: A reconnaissance tool for cloud provider attribution. Website: Github Code PurpleCloud Summary: A terraform lab generator for different Azure labs. Website: Github Docs BlueCloud Summary: A set of terraform templates for building AWS simulation labs for adversary…
SANS Pen Test Hackfest 2022: Purple Teaming Cloud Identity: Simulation Labs for Red and Blue teams Links: Slides (PDF) | Slideshare | Video BSides DFW 2022: Purple Teaming Cloud Identity: Simulation Labs for Red and Blue teams Links: Slides (PDF)…