Two Minor Cross-Tenant Vulnerabilities in AWS App Runner

Riding the Azure Service Bus (Relay) into Power Platform

Super FabriXss: From XSS to an RCE in Azure Service Fabric Explorer by Abusing an Event Tab Cluster Toggle (CVE-2023-23383)

BingBang: The AAD misconfiguration that led to Bing.com results manipulation and account takeover explained

I’d TAP That Pass

Using an Undocumented Amplify API to Leak AWS Account IDs

Escalating Privileges with Azure Function Apps

Bypassing CloudTrail in AWS Service Catalog, and Other Logging Research

Microsoft Defender for Cloud Management Port Exposure Confusion

Abusing Azure App Service Managed Identity Assignments

Assumed Breach Assessment Case Study: Uncovering WeSecureApp’s Approach

Azure Ad Kerberos Tickets: Pivoting To The Cloud

Azure security — Internal recon leveraging lack of access control

EmojiDeploy: Smile! Your Azure web service just got RCE’d ._.

AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass

How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services

ACSESSED: Cross-tenant network bypass in Azure Cognitive Search

Passwordless Persistence and Privilege Escalation in Azure

AWS ECR Public Vulnerability

Hell’s Keychain: Supply-chain vulnerability in IBM Cloud Databases for PostgreSQL allows potential for unauthorized database access

A Confused Deputy Vulnerability in AWS AppSync

SyncJacking: Hard Matching Vulnerability Enables Azure AD Account Takeover

The Danger of Falling to System Role in AWS SDK Client

AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes

Azure Synapse: Local Privilege Escalation Vulnerability in Spark