Welcome to our
Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
WeirdAAL update - get EC2 snapshots
published on 2020-05-18 00:01:00 UTC by UnknownContent:
I watched a good DEF CON video on abusing public AWS Snapshots
I, of course, wanted to check this out. There are tens of thousands of public snapshots in the various regions. The talk outlines what you can do with these and Bishop Fox released a tool to do it https://github.com/BishopFox/dufflebag. I wanted to script up a few weirdAAL modules to 1) for an AWS keypair you are testing check and see what snapshots you have available 2) for an AWS accountid list public snapshots. Useful for bug bounty or for monitoring your org for public snapshots. The account you are using will need at least AmazonEC2ReadOnlyAccess privileges.
Screenshot of the 2nd function below
 |
| listing snapshots for a random AWS accountid |
You can git clone or git pull to get the updated code from https://github.com/carnal0wnage/weirdAAL
If you just want to do it with the AWS CLI you can use the following shell script:
https://blog.carnal0wnage.com/2020/05/weirdaal-update-get-ec2-snapshots.html
Published: 2020 05 18 00:01:00
Received: 2024 02 19 11:44:44
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Views: 1
