Karim El-Melhaoui
@karimscloud.bsky.social
Principal Security Architect & Partner at http://o3c.no, CloudSec Researcher, Microsoft Security MVP, CSA Norway Board Member
I find it hard to believe that AWS charges me for having hourly data of costs in my AWS environment.
May 4, 2025 at 2:19 PM
I find it hard to believe that AWS charges me for having hourly data of costs in my AWS environment.
If you were to remove any of the users previously, it had to be done through the REST API, as the permission is inherited on the Tenant Root Group visible in the portal
May 3, 2025 at 6:59 AM
If you were to remove any of the users previously, it had to be done through the REST API, as the permission is inherited on the Tenant Root Group visible in the portal
You can now see users that have triggered the Elevated Access toggle in Azure.
A simple bypass is to immediately assign the principal the same permissions at the top level management group, Tenant Root Group (tenant ID) rather than the Root scope ("/").
I still think this is an important feature.
A simple bypass is to immediately assign the principal the same permissions at the top level management group, Tenant Root Group (tenant ID) rather than the Root scope ("/").
I still think this is an important feature.
May 3, 2025 at 6:54 AM
You can now see users that have triggered the Elevated Access toggle in Azure.
A simple bypass is to immediately assign the principal the same permissions at the top level management group, Tenant Root Group (tenant ID) rather than the Root scope ("/").
I still think this is an important feature.
A simple bypass is to immediately assign the principal the same permissions at the top level management group, Tenant Root Group (tenant ID) rather than the Root scope ("/").
I still think this is an important feature.
Cloudy at Fløtatind, Sunndal
April 18, 2025 at 1:48 PM
Cloudy at Fløtatind, Sunndal
Starting the new year above the clouds
January 1, 2025 at 2:23 PM
Starting the new year above the clouds
.. enumerating the sub-domains using subfinder. Following the sub-domain enumeration, the endpoints were further enumerated using GoBuster.
GoBuster revealed a Java Spring application with the Actuator endpoint enabled.
The Actuator endpoint revealed an AWS Access Key and Heapdumps..
GoBuster revealed a Java Spring application with the Actuator endpoint enabled.
The Actuator endpoint revealed an AWS Access Key and Heapdumps..
December 30, 2024 at 10:25 AM
.. enumerating the sub-domains using subfinder. Following the sub-domain enumeration, the endpoints were further enumerated using GoBuster.
GoBuster revealed a Java Spring application with the Actuator endpoint enabled.
The Actuator endpoint revealed an AWS Access Key and Heapdumps..
GoBuster revealed a Java Spring application with the Actuator endpoint enabled.
The Actuator endpoint revealed an AWS Access Key and Heapdumps..