Pentesting

Pwning AWS AgentCore Code Interpreter

I discovered that AWS Bedrock AgentCore Code Interpreter's "Sandbox" mode leaks DNS queries, enabling a full DNS-tunneling C2 channel, reverse shell, and data exfiltration from a supposedly network-isolated sandbox. Disclosed via HackerOne.

Pwning AgentCore Code Interpreter

Research and proof-of-concept showing how AWS Bedrock AgentCore Code Interpreter's "Sandbox" network mode leaks DNS queries, enabling a full DNS-tunneling C2 channel, reverse shell, and S3/DynamoDB data exfiltration out of a supposedly network-isolated sandbox.

Endgame

An AWS Pentesting tool that lets you use one-liner commands to share AWS account's resources with a rogue AWS account - or to the entire internet.