Hacker News
- Cloud Service Provider security mistakes https://github.com/SummitRoute/csp_security_mistakes 2 comments
Linking pages
- GitHub - SummitRoute/imdsv2_wall_of_shame: List of vendors that do not allow IMDSv2 enforcement https://github.com/SummitRoute/imdsv2_wall_of_shame 21 comments
- Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL | Wiz Blog https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/ 18 comments
- RDS and Aurora PostgreSQL Vulnerability Leads to AWS Deprecating Many Minor Versions https://www.infoq.com/news/2022/04/aws-rds-postgres-vulnerability/ 0 comments
Linked pages
- GitHub - irsl/gcp-dhcp-takeover-code-exec: Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent https://github.com/irsl/gcp-dhcp-takeover-code-exec 191 comments
- “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution | Wiz Blog https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution 179 comments
- Orca Discovers AWS CloudFormation Vulnerability - Orca Security https://orca.security/resources/blog/aws-cloudformation-vulnerability/ 74 comments
- AWS signature version 1 is insecure http://www.daemonology.net/blog/2008-12-18-AWS-signature-version-1-is-insecure.html 52 comments
- Penetration Testing - Amazon Web Services (AWS) https://aws.amazon.com/security/penetration-testing/ 48 comments
- AutoWarp: Azure Automation Vulnerability | Orca Research Pod https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ 45 comments
- ChaosDB: Unauthorized Privileged Access to Microsoft Azure Cosmos DB https://chaosdb.wiz.io/ 43 comments
- ChaosDB explained: Azure's Cosmos DB vulnerability walkthrough | Wiz Blog https://www.wiz.io/blog/chaosdb-explained-azures-cosmos-db-vulnerability-walkthrough 36 comments
- Cross-Account Container Takeover in Azure Container Instances https://unit42.paloaltonetworks.com/azure-container-instances/ 32 comments
- Practical HTTP Header Smuggling: Sneaking Past Reverse Proxies to Attack AWS and Beyond https://www.intruder.io/research/practical-http-header-smuggling 26 comments
- AWS RDS Vulnerability Leads to AWS Internal Service Credentials https://blog.lightspin.io/aws-rds-critical-security-vulnerability 21 comments
- Wiz Research discovers "ExtraReplica"— a cross-account database vulnerability in Azure PostgreSQL | Wiz Blog https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/ 18 comments
- AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities/ 12 comments
- CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client - Rhino Security Labs https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client/ 9 comments
- Enumerate AWS API Permissions Without Logging to CloudTrail https://frichetten.com/blog/aws-api-enum-vuln/ 6 comments
- Orca Security Discovers AWS Glue Vulnerability - Orca Security https://orca.security/resources/blog/aws-glue-vulnerability/ 6 comments
- Blast from the past: Cross Site Scripting on the AWS Console · Embrace The Red https://embracethered.com/blog/posts/2020/aws-xss-cross-site-scripting-vulnerability/ 5 comments
- https://www.tenchisecurity.com/blog/thefaultinourstars 5 comments
- ChaosDB: How we hacked thousands of Azure customers’ databases | Wiz Blog https://www.wiz.io/blog/chaosdb-how-we-hacked-thousands-of-azure-customers-databases 4 comments
- AWS SageMaker Jupyter Notebook Instance Takeover https://blog.lightspin.io/aws-sagemaker-notebook-takeover-vulnerability 3 comments
Related searches:
Search whole site: site:github.com
Search title: GitHub - SummitRoute/csp_security_mistakes: This repo has been replaced by https://www.cloudvulndb.org
See how to search.