AWS RDS post-exploitation: Out-of-band SQL via Data API + master password reset (Aurora)

carlospolop
2025-10-07 14:04:48 +02:00
parent 90bd042880
commit 95302db34c
3 changed files with 282 additions and 2 deletions


@@ -69,7 +69,7 @@ aws-lambda-function-url-public-exposure.md
Abuse `UpdateEventSourceMapping` to change the target Lambda function of an existing Event Source Mapping (ESM) so that records from DynamoDB Streams, Kinesis, or SQS are delivered to an attacker-controlled function. This silently diverts live data without touching producers or the original function code.
{{#ref}}
aws-lambda-event-source-mapping-target-hijack.md
aws-lambda-event-source-mapping-hijack.md
{{#endref}}
### AWS Lambda EFS Mount Injection data exfiltration
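Review bot: The link rename inside the `{{#ref}}` block (`aws-lambda-event-source-mapping-target-hijack.md` and `aws-lambda-event-source-mapping-hijack.md` on consecutive lines) is unrelated to the commit title, which only covers the RDS Data API and Aurora master password reset work. Either mention the Lambda link fix in the commit message or split it into its own commit so the history stays searchable. Also confirm that the file name the ref ends up pointing to actually exists in this directory, since a mismatched name leaves the Event Source Mapping section with a broken reference.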