all InfoSec news
Evading Attribution & Moving Laterally on AWS
April 10, 2023, 9:27 a.m. | Harsh Varagiya
InfoSec Write-ups - Medium infosecwriteups.com
It is really not that difficult to find AWS credentials in the wild — from accidental github commits to plaintext keys in android apps decompiled on bevigil.
But in the end, everything gets logged. CloudTrail Event history will pinpoint the User / AccessKey that made the AWS API Calls. Hence it is important to evade attribution and keep the found credentials (Access Keys, Tokens) valid for a longer time if at all possible.
Here is the result of one such …
attribution aws aws-iam aws-security cloud cloud security moving
More from infosecwriteups.com / InfoSec Write-ups - Medium
Private Interact.sh server setup with a web dashboard
1 day, 10 hours ago |
infosecwriteups.com
Hack Stories: Hacking Hackers EP:3
3 days, 10 hours ago |
infosecwriteups.com
Mastering Shodan Search Engine
4 days, 11 hours ago |
infosecwriteups.com
Email Verification Bypass via Remember Me
4 days, 11 hours ago |
infosecwriteups.com
Typo Trouble: Exploring the Telegram Python RCE Vulnerability
4 days, 11 hours ago |
infosecwriteups.com
Active DNS Recon using AXIOM
4 days, 11 hours ago |
infosecwriteups.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Cybersecurity Engineer
@ Booz Allen Hamilton | USA, VA, Arlington (1550 Crystal Dr Suite 300) non-client
Invoice Compliance Reviewer
@ AC Disaster Consulting | Fort Myers, Florida, United States - Remote
Technical Program Manager II - Compliance
@ Microsoft | Redmond, Washington, United States
Head of U.S. Threat Intelligence / Senior Manager for Threat Intelligence
@ Moonshot | Washington, District of Columbia, United States
Customer Engineer, Security, Public Sector
@ Google | Virginia, USA; Illinois, USA