Recent Posts

Categories

Archives

Category Archives: Tools

Security Architecture Review Of A Cloud Native Environment

Overview Due to its massive adoption, cloud computing has become a critical component for every enterprise. A large number of organisations want to migrate to the cloud, however, its security posture is still a blind spot for everyone. Nevertheless, we have seen a big rise in the number of requests

Read more

Cloud Services Enumeration – AWS, Azure and GCP

TL;DR: We have built cloud enumeration scripts now available @ https://github.com/NotSoSecure/cloud-service-enum/. This script allows pentesters to validate which cloud tokens (API keys, OAuth tokens and more) can access which cloud service. As cloud environments are becoming increasingly popular, we are seeing a rise in cloud environment usage in production. From

Read more

Hunting the Delegation Access

Active Directory (AD) delegation is a fascinating subject, and we have previously discussed it in a blog post and later in a webinar. To summarize, Active Directory has a capability to delegate certain rights to non (domain/forest/enterprise) admin users to perform administrative tasks over a specific section of AD. This

Read more