Comments for NetSPI https://www.netspi.com/ Trusted by nine of the top 10 U.S. Banks Fri, 11 Mar 2022 16:27:23 +0000 hourly 1 https://wordpress.org/?v=6.5 Comment on Gaining AWS Console Access via API Keys by Ian Williams https://www.netspi.com/blog/technical/gaining-aws-console-access-via-api-keys/#comment-474 Wed, 18 Mar 2020 21:29:23 +0000 https://blog.netspi.com/?p=11296#comment-474 In reply to HAYTHAM.

Hi there, Haytham,

That’s a bit out-of-scope for this blog post – however, there’s a full list of IAM identifiers in the AWS IAM User Guide. That’s where the guidance on AKIA and ASIA came from above. Looking for the values there might give you something interesting if you’ve got hard-coded credentials.

–Ian

]]>
Comment on Gaining AWS Console Access via API Keys by HAYTHAM https://www.netspi.com/blog/technical/gaining-aws-console-access-via-api-keys/#comment-473 Wed, 18 Mar 2020 21:25:16 +0000 https://blog.netspi.com/?p=11296#comment-473 Interesting! thank you for this.
so if I’m doing a pentesting for an android app, which words/methods should I look for to check if there is hardcoded about this? ASIA / AKIA?

Thanks again 🙂

]]>
Comment on Azure Privilege Escalation via Cloud Shell by Azure Privilege Escalation Using Managed Identities https://www.netspi.com/blog/technical/cloud-penetration-testing/attacking-azure-cloud-shell/#comment-472 Wed, 26 Feb 2020 03:50:11 +0000 https://blog.netspi.com/?p=11179#comment-472 […] See Cloud Shell Privilege Escalation […]

]]>
Comment on Breaking Out! of Applications Deployed via Terminal Services, Citrix, and Kiosks by Azure Privilege Escalation Using Managed Identities https://www.netspi.com/blog/technical/network-penetration-testing/breaking-out-of-applications-deployed-via-terminal-services-citrix-and-kiosks/#comment-174 Thu, 20 Feb 2020 18:52:12 +0000 https://netspiblogdev.wpengine.com/?p=1161#comment-174 […] Thick Application Breakouts […]

]]>
Comment on Running PowerShell on Azure VMs at Scale by Azure Privilege Escalation Using Managed Identities https://www.netspi.com/blog/technical/cloud-penetration-testing/running-powershell-scripts-on-azure-vms/#comment-470 Thu, 20 Feb 2020 18:34:01 +0000 https://netspiblogdev.wpengine.com/?p=9891#comment-470 […] Azure IAM “Contributor” permissions on the VM […]

]]>
Comment on Running PowerShell on Azure VMs at Scale by Attacking Azure with Custom Script Extensions https://www.netspi.com/blog/technical/cloud-penetration-testing/running-powershell-scripts-on-azure-vms/#comment-469 Thu, 13 Feb 2020 15:01:57 +0000 https://netspiblogdev.wpengine.com/?p=9891#comment-469 […] the same command in Cloud Shell to launch a new Grunt. If we have multiple target VMs, we could use Invoke-AzureRmVMRunCommand to execute the Launcher across many targets at […]

]]>
Comment on Get-AzurePasswords: Exporting Azure RunAs Certificates for Persistence by Using Azure Automation Accounts to Access Key Vaults https://www.netspi.com/blog/technical/cloud-penetration-testing/exporting-azure-runas-certificates/#comment-471 Mon, 30 Dec 2019 18:13:33 +0000 https://netspiblogdev.wpengine.com/?p=10168#comment-471 […] is the second post in a series of blogs that focuses around Azure Automation. Check out “Exporting Azure RunAs Certificates for Persistence” for more info on how authentication works for Automation Accounts. In this installment, […]

]]>
Comment on Beyond LLMNR/NBNS Spoofing – Exploiting Active Directory-Integrated DNS by jjjj https://www.netspi.com/blog/technical/network-penetration-testing/exploiting-adidns/#comment-466 Fri, 29 Nov 2019 15:15:54 +0000 https://netspiblogdev.wpengine.com/?p=9346#comment-466 Be aware that if you create a wildcard record in your internal zone for defense, you might affect name resolution for localhost.example.com. Systems that resolved it to 127.0.0.1 might resolve it to the IP of the wildcard entry now. So you might want to create a A record for localhost. Some discussions on this (without a clear conclusion) in https://serverfault.com/questions/120769/localhost-in-a-dns-zone

]]>
Comment on Four Ways to Bypass Android SSL Verification and Certificate Pinning by Some Useful AppSec Resources – Little Man In My Head https://www.netspi.com/blog/technical/mobile-application-penetration-testing/four-ways-bypass-android-ssl-verification-certificate-pinning/#comment-463 Sun, 03 Nov 2019 05:48:39 +0000 https://netspiblogdev.wpengine.com/?p=8183#comment-463 […] Four Ways to Bypass Android SSL Verification and Certificate Pinning […]

]]>
Comment on Four Ways to Bypass iOS SSL Verification and Certificate Pinning by Some Useful AppSec Resources – Little Man In My Head https://www.netspi.com/blog/technical/mobile-application-penetration-testing/four-ways-to-bypass-ios-ssl-verification-and-certificate-pinning/#comment-465 Sun, 03 Nov 2019 05:45:49 +0000 https://netspiblogdev.wpengine.com/?p=8576#comment-465 […] Four Ways to Bypass iOS SSL Verification and Certificate Pinning […]

]]>