Penetration Test Reports and Vulnerability Aggregation
Penetration test reports, aggregating findings and thinking more deeply.
Showing only posts in pentesting. Show all posts.
AWS and GitHub OIDC Cross Account Roles
AWS and overly permissive GitHub OIDC cross-account role trust policies
Cybersecurity Fundamentals for Kubernetes
Blog post about Kubernetes Security Fundementals
Understanding Cloud Configuration Reviews
Blog post about Cloud Configuration Reviews
From Domain User to Domain Admin (DA), From DA to Global Admin (GA)
How to own an internal domain and pivot into the cloud
Snotra Lambda
Continuous AWS Testing with Snotra, Lambda, Cloud Watch EventBridge and S3.
Python Tools Using ldap3 and Issues with Channel Binding and Signing
Fixing issues in common tools with Python ldap3 when connecting to Domain Controllers with LDAP signing and binding enabled.
Internal Top Five
A series of blog Posts for Claranet Cyber Security about common high impact issues discoverd on internal penetration tests and how to fix them.
Relaying to Active Directory Certificate Services (ADCS) and Resource Based Constrained Delegation (RBCD)
Getting Local Administrator access with NTLM Relay attacks against ADCS and RBCD attacks.