Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Enumeration of APIs on AWS Without Being Logged

Nick Frichette, posted 5 years ago
  • CloudTrail is the AWS service that logs access to all AWS services; in particular, it can log authentication and authorization events.
  • By sending a deliberately errored request to specific AWS APIs, it is possible to map out all the access a given set of credentials has in the account.
  • This is done by sending a malformed request, after which one of two things happens: the caller is denied, or a 400 error occurs. The best part is that, because the request is considered invalid, it is not logged in CloudTrail. Hence, a malicious actor could use this to enumerate the access they have (and the resources in the account) without it being logged.
  • AWS considered this to be a non-issue. However, taking a defense-in-depth approach and mitigating it would make exploitation even harder. Going forward, I can see this being big in AWS environment exploitation.