gitea-mirror/hacktricks-cloud
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks-cloud.git synced 2026-02-04 19:11:41 -08:00
Code Issues Packages Projects Releases Wiki Activity
712 Commits 22 Branches 17 Tags
8c472fbf017fafb32fa9d99d2a45277b3a1f3bea
Commit Graph

421 Commits

Author SHA1 Message Date
Ben
8c472fbf01 Revise README for AWS MWAA execution role vulnerability 
Updated README to reflect the AWS MWAA execution role vulnerability and its implications for security, including detailed attack vectors
 2025-10-23 16:25:37 -05:00
Ben
65a1490ad0 Update README to clarify policy tightening process 
Clarified the process of tightening the policy after deployment and the implications for defenders.
 2025-10-23 13:24:27 -05:00
Ben
0d4fb441a9 Add README for AWS MWAA post-exploitation 
fix location and structure
 2025-10-23 13:20:36 -05:00
Ben
6fc8a8126e Add AWS MWAA post-exploitation documentation 
Document the security risks and attack vectors associated with AWS MWAA's execution role, including data exfiltration and command and control channels.
 2025-10-21 18:46:40 -05:00
carlospolop
08c2e42b76 f 2025-10-17 17:37:06 +02:00
carlospolop
1719f8ed3c f 2025-10-13 22:42:54 +02:00
carlospolop
9df8a4ac92 organize aws + new attacks 2025-10-09 12:26:40 +02:00
carlospolop
6dd86b2c9e rds post recheck 2025-10-07 17:28:10 +02:00
carlospolop
95302db34c AWS RDS post-exploitation: Out-of-band SQL via Data API + master password reset (Aurora) 2025-10-07 14:04:48 +02:00
SirBroccoli
90bd042880 Merge pull request #219 from JaimePolop/master 
IAM and KMS Post Exploitation extended
 2025-10-07 11:02:17 +02:00
SirBroccoli
1077cf6f89 Update AWS KMS post-exploitation documentation 
Clarified KMS policy restrictions and updated ransomware sections.
 2025-10-07 11:02:01 +02:00
carlospolop
27fd007fdd lambda attacks recheck 2025-10-07 00:41:18 +02:00
JaimePolop
29e379d07d IAM and KMS Post Exploitation extended 2025-10-06 19:01:11 +02:00
carlospolop
83663e4f98 dynamoDB attacks recheck 2025-10-06 13:14:59 +02:00
carlospolop
b5b72b0d26 Merge branch 'master' of github.com:HackTricks-wiki/hacktricks-cloud 2025-10-06 11:53:38 +02:00
carlospolop
0f213ea2db aws secrets manager recheck 2025-10-06 11:53:33 +02:00
SirBroccoli
9508f50485 Update aws-secrets-manager-privesc.md 2025-10-04 11:03:30 +02:00
SirBroccoli
e188809f70 Update aws-secrets-manager-post-exploitation.md 2025-10-04 11:02:17 +02:00
JaimePolop
03a213fcdd Secrets manager new attacks 2025-10-02 13:23:37 +02:00
SirBroccoli
e9003a3050 Merge pull request #217 from JaimePolop/master 
KMS DOS explanation
 2025-10-01 12:22:35 +02:00
JaimePolop
6411d85ebf KMS DOS explanation 2025-10-01 11:58:25 +02:00
carlospolop
1b274752fd f 2025-10-01 11:54:20 +02:00
SirBroccoli
8d39c38b58 Merge pull request #216 from HackTricks-wiki/update_Cooking_an_SQL_Injection_Vulnerability_in_Chef_Aut_20250930_182633 
Cooking an SQL Injection Vulnerability in Chef Automate
 2025-09-30 21:13:40 +02:00
SirBroccoli
7097f55620 Update SUMMARY.md 2025-09-30 21:13:20 +02:00
HackTricks News Bot
21b31a3be3 Add content from: Cooking an SQL Injection Vulnerability in Chef Automate 
- Remove searchindex.js (auto-generated file)
 2025-09-30 18:28:35 +00:00
JaimePolop
5d031d4518 Roles Anywhere explanation 2025-09-30 17:50:02 +02:00
SirBroccoli
1e51bb702d Merge pull request #210 from HackTricks-wiki/update_Forgotten_20250917_063108 
Forgotten
 2025-09-30 01:24:53 +02:00
SirBroccoli
1111212cbb Update attacking-kubernetes-from-inside-a-pod.md 2025-09-30 01:07:36 +02:00
SirBroccoli
bb763109dc Merge pull request #209 from HackTricks-wiki/update_GitHub_Actions__A_Cloudy_Day_for_Security_-_Part_2_20250915_124429 
GitHub Actions A Cloudy Day for Security - Part 2
 2025-09-30 01:05:33 +02:00
SirBroccoli
25af34d5a2 Merge pull request #208 from HackTricks-wiki/update_Building_Hacker_Communities__Bug_Bounty_Village__g_20250915_123837 
Building Hacker Communities Bug Bounty Village, getDisclosed...
 2025-09-30 00:57:56 +02:00
carlospolop
c8957b9107 f 2025-09-30 00:39:12 +02:00
SirBroccoli
de064b1b68 Merge pull request #214 from JaimePolop/master 
GetFederatedToken & IAM Roles Anywhere Privesc
 2025-09-30 00:23:32 +02:00
SirBroccoli
78767e199c Merge pull request #207 from HackTricks-wiki/update_GitHub_Actions__A_Cloudy_Day_for_Security_-_Part_1_20250909_013245 
GitHub Actions A Cloudy Day for Security - Part 1
 2025-09-29 23:05:37 +02:00
SirBroccoli
65816a9798 Merge pull request #206 from HackTricks-wiki/update_Model_Namespace_Reuse__An_AI_Supply-Chain_Attack_E_20250904_125657 
Model Namespace Reuse An AI Supply-Chain Attack Exploiting M...
 2025-09-29 23:04:02 +02:00
SirBroccoli
fc5e23269c Update pentesting-cloud-methodology.md 2025-09-29 23:03:41 +02:00
SirBroccoli
89a2ab54ae Update pentesting-cloud-methodology.md 2025-09-29 23:03:04 +02:00
JaimePolop
f3afa739ad Roles Anywhere explanation 2025-09-29 22:53:29 +02:00
JaimePolop
590e54ea9e stsgetfederatedtoken 2025-09-29 17:15:59 +02:00
JaimePolop
e153dc47b0 stsgetfederatedtoken 2025-09-29 17:14:00 +02:00
HackTricks News Bot
37b03b3517 Add content from: Forgotten 
- Remove searchindex.js (auto-generated file)
 2025-09-17 06:34:24 +00:00
HackTricks News Bot
a6491998d2 Add content from: GitHub Actions: A Cloudy Day for Security - Part 2 
- Remove searchindex.js (auto-generated file)
 2025-09-15 12:47:04 +00:00
HackTricks News Bot
dba44c006e Add content from: Building Hacker Communities: Bug Bounty Village, getDisclose... 
- Remove searchindex.js (auto-generated file)
 2025-09-15 12:43:09 +00:00
HackTricks News Bot
b9b20e4567 Add content from: GitHub Actions: A Cloudy Day for Security - Part 1 
- Remove searchindex.js (auto-generated file)
 2025-09-09 01:35:49 +00:00
carlospolop
7f435558c4 Merge branch 'master' of github.com:HackTricks-wiki/hacktricks-cloud 2025-09-05 01:35:13 +02:00
carlospolop
a7ce58fa25 tf 2025-09-05 01:34:02 +02:00
HackTricks News Bot
5b5e339f96 Add content from: Model Namespace Reuse: An AI Supply-Chain Attack Exploiting ... 
- Remove searchindex.js (auto-generated file)
 2025-09-04 13:00:46 +00:00
SirBroccoli
5bd2aafc8e Merge pull request #204 from HackTricks-wiki/update_Gitblit_CVE-2024-28080__SSH_public_key_fallback_to_20250829_182811 
Gitblit CVE-2024-28080 SSH public‑key fallback to password a...
 2025-08-31 10:17:05 +02:00
SirBroccoli
00730ca794 Add Gitblit Security section to SUMMARY.md 2025-08-31 10:16:44 +02:00
SirBroccoli
923f510164 Refactor pentesting CI/CD methodology document 
Removed redundant sections on CI/CD pipelines and VCS pentesting methodology. Updated references and streamlined content for clarity.
 2025-08-31 10:15:04 +02:00
SirBroccoli
fec9bfb986 Update pentesting-ci-cd-methodology.md 2025-08-31 10:12:16 +02:00