Comments for NetSPI

Comment on Gaining AWS Console Access via API Keys by Ian Williams

Ian Williams — Wed, 18 Mar 2020 21:29:23 +0000

In reply to HAYTHAM. Hi there, Haytham, That's a bit out-of-scope for this blog post - however, there's a full list of IAM identifiers in the AWS IAM User Guide. That's where the guidance on AKIA and ASIA came from above. Looking for the values there might give you something interesting if you've got hard-coded credentials. --Ian

Comment on Gaining AWS Console Access via API Keys by HAYTHAM

HAYTHAM — Wed, 18 Mar 2020 21:25:16 +0000

Interesting! thank you for this.
so if I’m doing a pentesting for an android app, which words/methods should I look for to check if there is hardcoded about this? ASIA / AKIA?

Thanks again 🙂

Comment on Azure Privilege Escalation via Cloud Shell by Azure Privilege Escalation Using Managed Identities

Azure Privilege Escalation Using Managed Identities — Wed, 26 Feb 2020 03:50:11 +0000

[…] See Cloud Shell Privilege Escalation […]

Comment on Breaking Out! of Applications Deployed via Terminal Services, Citrix, and Kiosks by Azure Privilege Escalation Using Managed Identities

Azure Privilege Escalation Using Managed Identities — Thu, 20 Feb 2020 18:52:12 +0000

[…] Thick Application Breakouts […]

Comment on Running PowerShell on Azure VMs at Scale by Azure Privilege Escalation Using Managed Identities

Azure Privilege Escalation Using Managed Identities — Thu, 20 Feb 2020 18:34:01 +0000

[…] Azure IAM “Contributor” permissions on the VM […]

Comment on Running PowerShell on Azure VMs at Scale by Attacking Azure with Custom Script Extensions

Attacking Azure with Custom Script Extensions — Thu, 13 Feb 2020 15:01:57 +0000

[…] the same command in Cloud Shell to launch a new Grunt. If we have multiple target VMs, we could use Invoke-AzureRmVMRunCommand to execute the Launcher across many targets at […]

Comment on Get-AzurePasswords: Exporting Azure RunAs Certificates for Persistence by Using Azure Automation Accounts to Access Key Vaults

Using Azure Automation Accounts to Access Key Vaults — Mon, 30 Dec 2019 18:13:33 +0000

[…] is the second post in a series of blogs that focuses around Azure Automation. Check out “Exporting Azure RunAs Certificates for Persistence” for more info on how authentication works for Automation Accounts. In this installment, […]

Comment on Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS by jjjj

jjjj — Fri, 29 Nov 2019 15:15:54 +0000

Be aware that if you create a wildcard record in your internal zone for defense, you might affect name resolution for localhost.example.com. Systems that resolved it to 127.0.0.1 might resolve it to the IP of the wildcard entry now. So you might want to create a A record for localhost. Some discussions on this (without a clear conclusion) in https://serverfault.com/questions/120769/localhost-in-a-dns-zone

Comment on Four Ways to Bypass Android SSL Verification and Certificate Pinning by Some Useful AppSec Resources – Little Man In My Head

Some Useful AppSec Resources – Little Man In My Head — Sun, 03 Nov 2019 05:48:39 +0000

[…] Four Ways to Bypass Android SSL Verification and Certificate Pinning […]

Comment on Four Ways to Bypass iOS SSL Verification and Certificate Pinning by Some Useful AppSec Resources – Little Man In My Head

Some Useful AppSec Resources – Little Man In My Head — Sun, 03 Nov 2019 05:45:49 +0000

[…] Four Ways to Bypass iOS SSL Verification and Certificate Pinning […]