writeups.xyz writeups.xyz / AWS

Title Vulnerabilities Programs Authors
The Hunt for ALBeast: A Technical Walkthrough
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
NO_WILDCARD: How I discovered the Organization ID of any AWS Account
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough
Non-Production Endpoints as an Attack Surface in AWS
AWS CloudQuarry: Digging For Secrets In Public AMIs
LeakyCLI: AWS and Google Cloud Command-Line Tools Can Expose Sensitive Credentials in Build Logs
Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover (CVE-2024-28056)
FlowFixation: AWS Apache Airflow Service Takeover Vulnerability and Why Neglecting Guardrails Puts Major CSPs at Risk
AWS Fixes Data Exfiltration Attack Angle in Amazon Q for Business
Fuzzing and Bypassing the AWS WAF
Bypass Cognito Account Enumeration Controls
The Deputy Is Confused About AWS Security Hub
AWS WAF Bypass: invalid JSON object and unicode escape sequences
Hijacking Cloud CI/CD Systems for Fun and Profit
Sometimes What Sounds Benign Can Bite You: An Unexpected Implication of Lambda Privileges
AWS WAF Clients Left Vulnerable to SQL Injection Due to Unorthodox MSSQL Design Choice
Exploiting HTTP Parsers Inconsistencies
Spotted: How we discovered Privilege Escalation, missing CloudTrail data and a race condition in AWS Directory Service
HTTP Request Splitting vulnerabilities exploitation
AWS Identity Center (formerly known as AWS SSO): A Guide to Privilege Escalation and Identity and Access Management
Identifying vulnerabilities in GitHub Actions & AWS OIDC Configurations
Two Minor Cross-Tenant Vulnerabilities in AWS App Runner