Research and proof-of-concept showing how AWS Bedrock AgentCore Code Interpreter's "Sandbox" network mode leaks DNS queries, enabling a full DNS-tunneling C2 channel, reverse shell, and S3/DynamoDB data exfiltration out of a supposedly network-isolated sandbox.
Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).
Azure Guardrails allows you to rapidly cherry-pick hundreds of security guardrails in Azure.
A static analysis tool for Infrastructure as Code (IaC) such as Terraform and CloudFormation. I contributed the underlying logic behind the AWS IAM Security scanning rules.
An AWS pentesting tool that lets you use one-liner commands to share an AWS account's resources with a rogue AWS account - or with the entire internet.
An AWS IAM Security Assessment tool that identifies violations of least privilege & creates a risk-prioritized report.
Generate Secure IAM Policies Automagically