mr-b4rt0wsk1
Staff Offensive Security Engineer | OSCP | GCPN
~$ whoami
# I’ve been in the cyber security workspace since 2017
# My day job consists of doing security assessments and code review
# In my free time, I do cyber security CTFs, research, coding, and projects
# My favorite perk about being in this field is its flexible and remote lifestyle
# When I’m not on a computer, I’m skiing, hiking, or enjoying the outdoors
Recent Posts
CloudGoat Series #6: EC2 SSRF
For the sixth CloudGoat scenario, EC2 SSRF, we are tasked with invoking a Lambda function, which can only be done with admin rights. The start file contains a set of IAM user credentials that give us entry into the AWS account. From there, there is a sequence of privilege escalations
CloudGoat Series #5: IAM Privesc by Attachment
For the fifth CloudGoat scenario, “IAM Privesc by Attachment”, we are presented with an IAM user’s access keys and are tasked with deleting an EC2 instance called the “super-critical-security-server”. We find that the IAM user has some permissions to both the IAM and EC2 services. With these, we identify an
CloudGoat Series #4: Cloud Breach S3
CloudGoat’s fourth scenario, “Cloud Breach S3”, is a short and easy scenario that demonstrates abuse of the EC2 metadata service. For once, we do not start off with an IAM user’s access keys. Instead, we are given the IP address of a reverse proxy server that has been poorly configured