translate 2

2026-06-25 07:54:25 -07:00 · 2025-01-01 21:36:26 +01:00
parent d0b9174054
commit 2beb8398a6
250 changed files with 0 additions and 256 deletions
@@ -177,4 +177,3 @@ If they are used for example inside a a bash command, you could perform a comman



-
@@ -113,4 +113,3 @@ AUTH_ROLE_PUBLIC = 'Admin'



-
@@ -45,4 +45,3 @@ These are the default permissions per default role:



-
@@ -390,4 +390,3 @@ You can also pass these as environment variables `ATLANTIS_WEB_BASIC_AUTH=true`



-
@@ -257,4 +257,3 @@ jobs:



-
@@ -136,4 +136,3 @@ cloudflare-zero-trust-network.md



-
@@ -135,4 +135,3 @@ TODO



-
@@ -63,4 +63,3 @@ TODO



-
@@ -35,4 +35,3 @@ concourse-enumeration-and-attacks.md



-
@@ -40,4 +40,3 @@ In order to execute tasks concourse must have some workers. These workers **regi



-
@@ -444,4 +444,3 @@ Accept-Encoding: gzip.



-
@@ -153,4 +153,3 @@ Check a YAML pipeline example that triggers on new commits to master in [https:/



-
@@ -140,4 +140,3 @@ If you are inside the server you can also **use the `gitea` binary** to access/m



-
@@ -105,4 +105,3 @@ Different protections can be applied to a branch (like to master):



-
@@ -246,4 +246,3 @@ For more info check [https://www.chainguard.dev/unchained/what-the-fork-imposter



-
@@ -583,4 +583,3 @@ The following tools are useful to find Github Action workflows and even find vul



-
@@ -4,4 +4,3 @@



-
@@ -4,4 +4,3 @@



-
@@ -4,4 +4,3 @@



-
@@ -58,4 +58,3 @@ And the latest one use a short sha-1 that is bruteforceable.



-
@@ -257,4 +257,3 @@ Different protections can be applied to a branch (like to master):



-
@@ -414,4 +414,3 @@ println(hudson.util.Secret.decrypt("{...}"))



-
@@ -96,4 +96,3 @@ According to [**the docs**](https://www.jenkins.io/blog/2019/02/21/credentials-m



-
@@ -107,4 +107,3 @@ The example curl command provided demonstrates how to make a request to Jenkins



-
@@ -91,4 +91,3 @@ for (c in creds) {



-
@@ -41,4 +41,3 @@ If you can access the configuration file of some pipeline configured you could j



-
@@ -38,4 +38,3 @@ If you are not executing a reverse shell but a simple command you can **see the



-
@@ -65,4 +65,3 @@ msf> use exploit/multi/http/jenkins_script_console



-
@@ -116,4 +116,3 @@ okta-hardening.md



-
@@ -201,4 +201,3 @@ Here you can download Okta agents to sync Okta with other technologies.



-
@@ -106,4 +106,3 @@ Check this interesting article about the top 10 CI/CD risks according to Cider:



-
@@ -860,4 +860,3 @@ Granting excessive permissions to team members and external collaborators can le



-
@@ -165,4 +165,3 @@ It's possible to **store secrets** in supabase also which will be **accessible b



-
@@ -314,4 +314,3 @@ brew install terrascan



-
@@ -18,4 +18,3 @@ Github PRs are welcome explaining how to (ab)use those platforms from an attacke



-
@@ -67,4 +67,3 @@ If an attacker ends in an environment which uses **TravisCI enterprise** (more i



-
@@ -94,4 +94,3 @@ The amount of deployed TCI Worker and build environment OS images will determine



-
@@ -439,4 +439,3 @@ An **Access Group** in Vercel is a collection of projects and team members with



-
@@ -392,4 +392,3 @@ aws ...



-
@@ -389,4 +389,3 @@ If you are looking for something **similar** to this but for the **browser** you



-
@@ -132,4 +132,3 @@ In order to specify **which service account should be able to assume the role,**



-
@@ -20,4 +20,3 @@ These are the permissions you need on each AWS account you want to audit to be a



-
@@ -4,5 +4,3 @@



-
-
@@ -35,4 +35,3 @@ Or just remove the use of API keys.



-
@@ -45,4 +45,3 @@ By default this is disabled:



-
@@ -66,4 +66,3 @@ The compromised instances or Lambda functions can periodically check the C2 tabl



-
@@ -57,4 +57,3 @@ Create a peering connection between the victim VPC and the attacker VPC so he wi



-
@@ -100,4 +100,3 @@ aws ecr put-replication-configuration \



-
@@ -102,4 +102,3 @@ aws ecs create-service --service-name "undocumented-service" --task-definition "



-
@@ -24,4 +24,3 @@ You could **create an access point** (with root access to `/`) accessible from a



-
@@ -80,4 +80,3 @@ aws elasticbeanstalk update-environment --environment-name my-env --option-setti



-
@@ -52,4 +52,3 @@ If the account is already trusting a common identity provider (such as Github) t



-
@@ -42,4 +42,3 @@ aws kms list-grants --key-id <key-id>



-
@@ -67,4 +67,3 @@ Here you have some ideas to make your **presence in AWS more stealth by creating



-
@@ -45,4 +45,3 @@ The tool [**lambda-spy**](https://github.com/clearvector/lambda-spy) was created



-
@@ -133,4 +133,3 @@ aws lambda remove-layer-version-permission --layer-name ExternalBackdoor --state



-
@@ -36,4 +36,3 @@ If domains are configured:



-
@@ -34,4 +34,3 @@ aws rds modify-db-snapshot-attribute --db-snapshot-identifier <snapshot-name> --



-
@@ -28,4 +28,3 @@ Although usually ACLs of buckets are disabled, an attacker with enough privilege



-
@@ -56,4 +56,3 @@ def generate_password():



-
@@ -84,4 +84,3 @@ aws sns subscribe --region <region> \



-
@@ -42,4 +42,3 @@ The following policy gives everyone in AWS access to everything in the queue cal



-
@@ -4,5 +4,3 @@



-
-
@@ -24,4 +24,3 @@ If the AWS account is using aliases to call step functions it would be possible



-
@@ -134,4 +134,3 @@ Write-Host "Role juggling check complete."



-
@@ -4,5 +4,3 @@



-
-
@@ -149,4 +149,3 @@ aws apigateway create-usage-plan-key --usage-plan-id $USAGE_PLAN --key-id $API_K



-
@@ -34,4 +34,3 @@ You can check the [**tf code to recreate this scenarios here**](https://github.c



-
@@ -87,4 +87,3 @@ aws codebuild delete-source-credentials --arn <value>



-
@@ -191,4 +191,3 @@ aws codebuild start-build --project-name <proj-name>



-
@@ -23,4 +23,3 @@ aws controltower enable-control --control-identifier <arn_control_id> --target-i



-
@@ -98,4 +98,3 @@ A template for the policy document can be seen here:



-
@@ -352,4 +352,3 @@ bashCopy codeaws dynamodbstreams get-records \



-
@@ -480,4 +480,3 @@ if __name__ == "__main__":



-
@@ -144,4 +144,3 @@ You can use this tool to automate the attack: [https://github.com/Static-Flow/Cl



-
@@ -18,4 +18,3 @@ For more information and access to the [**malmirror script**](https://github.com



-
@@ -99,4 +99,3 @@ aws ecr-public batch-delete-image --repository-name your-ecr-repo-name --image-i



-
@@ -66,4 +66,3 @@ The EC2 instance will probably also have the permission `ecr:GetAuthorizationTok



-
@@ -57,4 +57,3 @@ aws efs delete-access-point --access-point-id <value>



-
@@ -158,4 +158,3 @@ So, if an **attacker compromises a cluster using fargate** and **removes all the



-
@@ -83,4 +83,3 @@ aws elasticbeanstalk remove-tags --resource-arn arn:aws:elasticbeanstalk:us-west



-
@@ -106,4 +106,3 @@ A common way to avoid Confused Deputy problems is the use of a condition with `A



-
@@ -136,4 +136,3 @@ aws kms schedule-key-deletion \



-
@@ -32,4 +32,3 @@ Abusing Lambda Layers it's also possible to abuse extensions and persist in the



-
@@ -66,4 +66,3 @@ For more info check [https://github.com/carlospolop/lambda_bootstrap_switcher](h



-
@@ -33,4 +33,3 @@ Check out the Lightsail privesc options to learn different ways to access potent



-
@@ -22,4 +22,3 @@ aws organizations deregister-account --account-id <account_id> --region <region>



-
@@ -95,4 +95,3 @@ aws rds start-export-task --export-task-identifier attacker-export-task --source



-
@@ -41,4 +41,3 @@ Finally, the attacker could upload a final file, usually named "ransom-note.txt,



-
@@ -52,4 +52,3 @@ aws secretsmanager delete-secret \



-
@@ -86,4 +86,3 @@ Still to test.



-
@@ -83,4 +83,3 @@ aws sns untag-resource --resource-arn <value> --tag-keys <key>



-
@@ -90,4 +90,3 @@ arduinoCopy codeaws sqs remove-permission --queue-url <value> --label <value>



-
@@ -28,4 +28,3 @@ aws sso-admin delete-account-assignment --instance-arn <SSOInstanceARN> --target



-
@@ -77,4 +77,3 @@ aws stepfunctions untag-resource --resource-arn <value> --tag-keys <key>



-
@@ -51,7 +51,6 @@ resp=$(curl -s "$federation_endpoint" \
 signin_token=$(echo -n $resp | jq -r '.SigninToken' | tr -d '\n' | jq -sRr @uri)


-
 # Give the URL to login
 echo -n "https://signin.aws.amazon.com/federation?Action=login&Issuer=example.com&Destination=https%3A%2F%2Fconsole.aws.amazon.com%2F&SigninToken=$signin_token"
 ```
@@ -107,4 +106,3 @@ response = client.get_secret_value(SecretId="flag_secret") print(response['Secre



-
@@ -16,4 +16,3 @@ For more information:



-
@@ -25,4 +25,3 @@ The way to escalate your privileges in AWS is to have enough permissions to be a



-
@@ -110,4 +110,3 @@ aws apigateway update-vpc-link --vpc-link-id $VPC_LINK_ID --patch-operations op=



-
@@ -12,4 +12,3 @@ TODO



-
--- a/Show More
+++ b/Show More
				`@@ -177,4 +177,3 @@ If they are used for example inside a a bash command, you could perform a comman`
				`@@ -45,4 +45,3 @@ These are the default permissions per default role:`
				@@ -390,4 +390,3 @@ You can also pass these as environment variables `ATLANTIS_WEB_BASIC_AUTH=true`
				`@@ -40,4 +40,3 @@ In order to execute tasks concourse must have some workers. These workers **regi`
				`@@ -153,4 +153,3 @@ Check a YAML pipeline example that triggers on new commits to master in [https:/`
				@@ -140,4 +140,3 @@ If you are inside the server you can also use the `gitea` binary to access/m
				`@@ -105,4 +105,3 @@ Different protections can be applied to a branch (like to master):`
				`@@ -246,4 +246,3 @@ For more info check [https://www.chainguard.dev/unchained/what-the-fork-imposter`
				`@@ -583,4 +583,3 @@ The following tools are useful to find Github Action workflows and even find vul`
				`@@ -58,4 +58,3 @@ And the latest one use a short sha-1 that is bruteforceable.`