assumed_role_breadcrumbs

Cloudtrail events in AWS offer a lot of visibility into the calls that roles leverage within the platform. Sometimes tracking the original source of the activity can be challenging. When users and other aws services from one account assume role into another hunting the origin can take a bit of backtracking.

November 28, 2018 · 6 min · Travis

cloudtrail_anomaly_detection

Overview of an anomaly detection platform using cloudtrail logs, athena, lambda, s3, and dynamodb

November 28, 2018 · 7 min · Travis

codebuild_secrets

Cloud Goat codebuild secrets scenario walkthrough

November 28, 2018 · 12 min · Travis

ec2_ssrf

Cloud Goat ec2 ssrf scenario walkthrough

November 28, 2018 · 9 min · Travis

emr_security_woes

Walkthrough of Elastic Map Reduce compromise, and why it should never be directly exposed to the Internet.

November 28, 2018 · 9 min · Travis