39 matches found
CVE-2021-3062
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to...
U.S. Dept Of Defense: EC2 subdomain takeover at http://████████/
There is a dangling DNS A record that points to an EC2 instance that no longer exists; I was able to claim the EC2 instance and host content on http://███████/. Steps To Reproduce: 1. Visit http://█████████/██████████.html and view the PoC: ██████ Suggested Remediation Steps: Remove the A record...
Red-Detector - Scan Your EC2 Instance To Find Its Vulnerabilities Using Vuls.io
Scan your EC2 instance to find its vulnerabilities using Vuls https://vuls.io/en/. Audit your EC2 instance to find security misconfigurations using Lynis https://cisofy.com/solutions/lynis. Scan your EC2 instance for signs of a rootkit using Chkrootkit http://www.chkrootkit.org/. Requirements 1...
8x8: Subdomain takeover of ███.wavecell.com
An EC2 instance was terminated but the DNS record was initially not updated/removed. The issue has been rectified...
Code injection
Nessus Agent versions 7.2.0 through 8.2.2 were found to inadvertently capture the IAM role security token on the local host during initial linking of the Nessus Agent when installed on an Amazon EC2 instance. This could allow a privileged attacker to obtain the token...
8x8: DNS Misconfiguration (Subdomain Takeover) ███████.8x8.com
An EC2 instance was replaced but the DNS record was initially not updated/removed. The issue has been rectified. https://medium.com/bugbountywriteup/dangling-dns-aws-ec2-e2d801701e8...
Install Apache Zeppelin and connect it to AWS Athena for data exploration, visualization and collaboration
Introduction Apache Zeppelin is a Web-based, open source, notebook system that enables data-driven, interactive data analytics and collaborative documents with SQL. At Imperva Research Group we use it on a daily basis to query data from the Threat Research Data Lake using AWS Athena query engine...
Taken - Takeover AWS Ips And Have A Working POC For Subdomain Takeover
Take over AWS IPs and have a working POC for subdomain takeover. The idea is simple: Get subdomains. Do reverse lookups to only save AWS IPs. Restart the EC2 instance every minute; the public IP gets rotated on each restart. Match it with your existing list of subdomain IPs and you have a working subdomain...
Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS
Script that allows the easy creation of OpenVPN endpoints in any AWS region. Creating a VPN endpoint is done with a single command and takes 3 minutes. It will create the proper security groups. It spins up a tagged EC2 instance and configures OpenVPN software. Once the instance is configured, an OpenVPN...
How to Deploy FLR Relay Proxy
Deprecated Feature The FLR Relay Proxy feature described in this article was deprecated in Veeam Backup for AWS 7. In deployments where the feature was enabled before upgrading to Veeam Backup for AWS 7, the FLR Relay tab will still appear in the options. However, for Veeam Backup for AWS 7...
Deploying Veeam Backup for Microsoft 365 Backup Proxy Server in AWS
Challenge You need to configure an Amazon EC2 instance to act as a Backup Proxy for Veeam Backup for Microsoft 365 in AWS. For example, this may be required for the following reasons: The current proxy/deployment has or will reach configuration maximums. Growth within the Organizations. You need ...
How to Reset Password in Veeam Backup for AWS
Related User Guide Page Veeam Backup for AWS User Guide: Accessing Web UI from Workstation Challenge You may need to reset a password in Veeam Backup for AWS. Solution Make sure that the machine you are using for troubleshooting is in the list of allowed IP addresses in the Security Groups of you...
CVE-2012-6639
A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data...
Privilege escalation
A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data...
CVE-2012-6639
CVE-2012-6639 describes a privilege-elevation vulnerability in Cloud-init prior to 0.7.0. The issue occurs when requests to an untrusted system are made for EC2 instance data, allowing an attacker with network access to leverage low-privileged execution to gain higher privileges. The available co...
CVE-2012-6639
A privilege elevation vulnerability exists in Cloud-init before 0.7.0 when requests to an untrusted system are submitted for EC2 instance data...
Omise: SSRF in webhooks leads to AWS private keys disclosure
Vulnerability Summary Omise makes use of Amazon AWS as their application environment. Due to a vulnerability in the way webhooks are implemented, an attacker can make arbitrary HTTP/HTTPS requests from the application server and read their responses. This is known as a server-side request forgery...
Cloud Credentials: New Attack Surface for Old Problem
SAN FRANCISCO – Credential theft and abuse have long been a nagging problem for local network administrators. The threat surface ranges from pretexting scams to insiders who abuse network privileges in order to grant themselves higher permissions than otherwise assigned. Here at RSA Conference,...
X (Formerly Twitter): Sub Domain Takeover at mk.prd.vine.co
Hey, it looks like the EC2 instance at mk.prd.vine.co has been stopped and now it has been assigned to someone else. Proof of Concept 1. http://mk.prd.vine.co/ a few days back didn't have port 443 open but now it does have an open port 443. Response 400 Bad Request 400 Bad Request awselb/2.0 So it loo...