PwnedLabs

Escalate Privileges by IAM Policy Rollback

This walkthrough outlines a method to escalate privileges from limited access AWS keys by exploiting IAM policy rollback.

Exploiting Weak S3 Bucket Policies

This write-up covers exploiting weak bucket policies to gain privileged access in an AWS environment.

Leveraging S3 Bucket Versioning

This write-up explores how misconfigured AWS S3 Bucket Versioning permissions permissions on AWS S3 Bucket Versioning can allow unauthorized access to sensitive data.

S3 Enumeration Basics

In this write-up, we cover the process of enumerating AWS S3 buckets to identify potential misconfigurations that can lead to data exposure.

Pillage Exposed RDS Instances

In this walkthrough, the goal is to identify potential security flaws, gain unauthorized access, and exfiltrate data from a publicly exposed RDS instance.

EC2 SSRF Attack

This walkthrough covers performing a Server Side Request Forgery (SSRF) attack. It involves exploiting SSRF to access and abuse EC2's metadata service, ultimately compromising credit card data through credential abuse of an IAM Role.

Hunt for Secrets in Git Repos

In this walkthrough, we explore a method to recover AWS credentials from a Git repository's history using a secrets scanning tool called Trufflehog. After obtaining the credentials, we leverage them to access sensitive data in an AWS S3 bucket.