Signing Requests to AWS on OWASP Zed Attack Proxy - ZAP

-
Hello All,

I've written a Help Add On Script for the OWASP Zed Attack Proxy to sign requests to Amazon AWS. You can check it here. Enjoy it!



Comments

Post a Comment

Popular posts from this blog

The forgotten JBOSS Admin Console and CVE 2010-1871

-
Image
Well, we are in 2013 and It’s amazing how many JBOSS administration interfaces (jmx-console, web-console, invokers etc) are still exposed on the internet, however we are not going to talk about it. A couple of days ago I was performing a penetration testing and I found an environment with JBOSS AS 6. The JMX-Console wasn’t password protected but one console in special attracted my attention: the Admin Console. It seems that this console, I do not know the reason, is kind of forgotten by the security community as an attack vector. The default access credential for this console is admin/admin and it is also built upon a vulnerable version of Seam framework CVE 2010-1871 . This console provides a powerful JBOSS administration allowing a user to check the server’s configuration, to deploy and to delete applications, to read datasources etc. I checked out for the default credential but they were changed. There were other ways to hack this JBOSS but I was quite interes...
Read more

Google Cloud Security - Enumeration using curl

-
Hello folks, It is been a while since my last post. Recently the GitLab Red Team published a pretty comprehensive material about privilege escalation and post exploitation tactics on the Google Cloud Platform (GCP). I've made a fork of their enumeration tool and added a few enumerations to it. Aside of it, I've also created a second enumeration tool which is totally independent on the Google Cloud SDK being installed on the target machine, requiring only curl. Check it out here !
Read more