AWS

I discovered that AWS Bedrock AgentCore Code Interpreter's "Sandbox" mode leaks DNS queries, enabling a full DNS-tunneling C2 channel, reverse shell, and data exfiltration from a supposedly network-isolated sandbox. Disclosed via HackerOne.

Research and proof-of-concept showing how AWS Bedrock AgentCore Code Interpreter's "Sandbox" network mode leaks DNS queries, enabling a full DNS-tunneling C2 channel, reverse shell, and S3/DynamoDB data exfiltration out of a supposedly network-isolated sandbox.

A cheatsheet of SQL queries to use in CloudQuery to identify public network endpoints in AWS.

Short tutorial to set up recurring Prowler scans in AWS

Prevent SSRF attacks on AWS EC2 via automated upgrades to the more secure Instance Metadata Service v2 (IMDSv2).

A static analysis tool for Infrastructure as Code (IAC) such as Terraform and CloudFormation. I contributed the underlying logic behind the AWS IAM Security scanning rules.

An AWS Pentesting tool that lets you use one-liner commands to share AWS account's resources with a rogue AWS account - or to the entire internet.

Worried about AWS IAM permissions that allow you to access data (like S3 objects, CodeCommit code, others) or return credentials in their response? I've updated my list of these potentially dangerous API calls and you can read about them here.

An AWS IAM Security Assessment tool that identifies violations of least privilege & creates a risk-prioritized report.

This tutorial covers building secure AWS AMIs with Packer. We go over building the prerequisite infrastructure to create EC2 AMIs from scratch, how to use the example hardening scripts for CentOS, and how to validate the testing with Amazon Inspector.