Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

WeirdAAL update - get EC2 snapshots

published on 2020-05-18 00:01:00 UTC by Unknown
Content:
I watched a good DEF CON video on abusing public AWS Snapshots



I, of course, wanted to check this out. There are tens of thousands of public snapshots in the various regions.  The talk outlines what you can do with these and Bishop Fox released a tool to do it https://github.com/BishopFox/dufflebag. I wanted to script up a few weirdAAL modules to 1) for an AWS keypair you are testing check and see what snapshots you have available 2) for an AWS accountid list public snapshots.  Useful for bug bounty or for monitoring your org for public snapshots.  The account you are using will need at least AmazonEC2ReadOnlyAccess privileges.

Screenshot of the 2nd function below

listing snapshots for a random AWS accountid

You can git clone or git pull to get the updated code from https://github.com/carnal0wnage/weirdAAL

If you just want to do it with the AWS CLI you can use the following shell script:



Article: WeirdAAL update - get EC2 snapshots - published over 4 years ago.

https://blog.carnal0wnage.com/2020/05/weirdaal-update-get-ec2-snapshots.html   
Published: 2020 05 18 00:01:00
Received: 2024 02 19 11:44:44
Feed: Carnal0wnage and Attack Research Blog
Source: Carnal0wnage and Attack Research Blog
Category: News
Topic: Hacking
Views: 1

Custom HTML Block

Click to Open Code Editor