Introduction CloudSploit is an AWS compliance, security and configuration monitoring scanner which is the first of its kind. It is an open source project designed to detect security risks in AWS. The CloudSploit Scans is built on NodeJS script which works on two phases. Collection and Scanning. After a successful run, Read more…
What is AWS Post exploitation? Post exploitation is required when you’ve successfully compromised a particular target. The purpose of the AWS Post Exploitation phase is to determine the value of the account compromised and to maintain control of the account for later use. The value of the account is determined by Read more…
AWS Security Automation Security automation is the automatic handling of a task in a script or machine based security application that would otherwise be done manually by a cybersecurity professional. AWS Security Automation is automating your AWS testing tasks like scanning, enumeration, that would save time and workload of security Read more…
Introduction Nimbostratus is a tool developed by Andres Riancho for fingerprinting and exploiting Amazon cloud infrastructures. Nimbostratus uses any application level HTTP proxy vulnerability to enumerate the instance and credentials from the metadata service which is available to all the instances in EC2. This tool-set can be tested on nimbostratus-target, Read more…
Introduction In this article, we will be talking about Cloud Custodian, an open source rules engine for fleet management in AWS. The simple YAML DSL allows you to easily define rules to enable a well-managed cloud infrastructure, that’s both secure and cost optimized. Cloud Custodian unifies the dozens of tools Read more…
AWS Incident Response In this post, we will be talking about the ways one can set up and automate a set of functions that need to be carried out in a sequence in case an attack happens in AWS, Yes! AWS Incident response. Having the whole infrastructure on the cloud Read more…