PinnedSecurity ShenanigansinInfoSec Write-upsEnumeration and lateral movement in GCP environmentsThis write up is about a pentest we did in which we managed to compromise a hybrid GCP hosted infrastructure using native GCP tools for…8 min read·Jun 1, 2022----
Security ShenanigansinInfoSec Write-upsArchitecture of a ransomware (2/2)In part 1(https://securityshenaningans.medium.com/architecture-of-a-ransomware-1-2-1b9fee757fcb) we explained key concepts necessary to…10 min read·Nov 26, 2020----
Security ShenanigansinInfoSec Write-upsArchitecture of a ransomware (1/2)Last couple of months we’ve seen a rise in ransomware related incidents, mostly due to the increase of remote work COVID-19. Nevertheless…10 min read·Nov 24, 2020--1--1
Security ShenanigansinInfoSec Write-upsRecipe for a successful phishing campaign (part 2/2)Recap: In part 1 we saw general considerations you should keep in mind in order to start setting up your infrastructure…10 min read·Oct 15, 2020----
Security ShenanigansinInfoSec Write-upsRecipe for a successful phishing campaign (part 1/2)Introduction9 min read·Oct 13, 2020----
Security ShenanigansinInfoSec Write-upsExploiting AWS IAM permissions for total cloud compromise: a real world example (part 2/2)Introduction7 min read·Oct 1, 2020----
Security ShenanigansinInfoSec Write-upsExploiting fine-grained AWS IAM permissions for total cloud compromise: a real world example (part…Introduction11 min read·Sep 29, 2020----
Security ShenanigansinInfoSec Write-upsAWS IAM explained for Red and Blue teamsIntroduction11 min read·Sep 24, 2020--1--1
Security ShenanigansinInfoSec Write-upsCombining Hadoop and MCollective for total network compromiseThis is the story of how only two insecure configurations allowed us to take down an entire cloud hosted company. It was a gray box…8 min read·Sep 22, 2020----
Security ShenanigansinInfoSec Write-upsHow a badly configured DB allowed us to own an entire cloud of over 25K hosts (part 2/2)On part 1 we briefly explained how we got administrator privileges to almost all BMC devices hosting a native Openstack cloud. In this…6 min read·Sep 3, 2020----