Releases: Hacking-the-Cloud/hackingthe.cloud
v2.3.5
What's Changed
- Updated the account id from s3 bucket article by @Frichetten in #149
- Update ec2-metadata-ssrf.md by @Frichetten in #151
- Added an article on a methodology for using stolen IAM credentials by @Frichetten in #152
- Added some info about situational awareness in AWS accounts by @Frichetten in #153
Full Changelog: v2.3.4...v2.3.5
Contributors
Assets 2
v2.3.4
What's Changed
- Fix typo in unauth user enum. by @Frichetten in #146
- Added an article on ssm methods in post exploitation by @Frichetten in #147
Full Changelog: v2.3.3...v2.3.4
Contributors
Assets 2
v2.3.3
What's Changed
- Fix Typo in index.md by @Frichetten in #142
- Added a disclaimer by @Frichetten in #143
- Create abusing-managed-identities.md by @andrei8055 in #144
Full Changelog: v2.3.2...v2.3.3
Contributors
Assets 2
v2.3.2
What's Changed
- AWS API Call Hijacking by @niebardzo in #138
- Soft Deleted Blobs by @andrei8055 in #140
- Azure - Anonymous Blob Access by @andrei8055 in #139
- Updated the Azure Index Page by @Frichetten in #141
New Contributors
- @andrei8055 made their first contribution in #140
- @niebardzo made their first contribution in #138
Full Changelog: v2.3.1...v2.3.2
Contributors
Assets 2
v2.3.1
What's Changed
- Add aws-vault note by @Frichetten in #133
- Fixed the descriptions of several articles. by @Frichetten in #136
- Add to gd post by @Frichetten in #137
Full Changelog: v2.3.0...v2.3.1
Contributors
Assets 2
v2.3.0
Capture the Flag Section
This version introduces a Capture the Flag section! Members of the community can create fun challenges and submit them for potential entry to Hacking the Cloud. The first one introduced in this version is CI/CDon't, an AWS/GitLab CI/CD themed challenge.
What's Changed
- Enumerate account info from an EC2 instance by @massyn in #130
- Create CTF section by @Frichetten in #132
Full Changelog: v2.2.2...v2.3.0
Contributors
Assets 2
v2.2.2
What's Changed
- Deprecated the sdb:ListDomains whoami technique by @Frichetten in #123
- Added note about stolen Lambda credentials by @Frichetten in #124
- Fixed an error with a one liner in the TFE article by @Frichetten in #126
- Fixed link syntax errors by @massyn in #127
- Fixed syntax/format for S3 subdomain takeover article. by @Frichetten in #129
New Contributors
Full Changelog: v2.2.1...v2.2.2
Contributors
Assets 2
v2.2.1
What's Changed
- Added socials to footer by @Frichetten in #116
- Revert: Removed permissions needed for AWS Consoler by @Frichetten in #118
- Modify GuardDuty Configurations by @bleemb in #119
New Contributors
Full Changelog: v2.1.2...v2.2.1
Contributors
Assets 2
v2.1.2
What's Changed
- Address #108: Add AWS Consoler permissions by @Frichetten in #111
- Address #110: Added note about stealing env variables from TFE runs by @Frichetten in #112
- Update #109: Updated the credential exfiltration article by @Frichetten in #113
- Updated EC2 credential exfiltration description for new bypass by @Frichetten in #114
- Added note about a niche credential exfiltration GuardDuty bypass by @Frichetten in #115
Full Changelog: v2.1.1...v2.1.2
Contributors
Assets 2
v2.1.1
New Topic
v2.1.1 now includes the Terraform topic and introduces the Terraform Enterprise: Attacking the Metadata Service article. In time, I intend to add additional content to the Terraform topic, describing ways that offsec professionals can abuse access to TFE and TFC.
What's Changed
- Terraform Enterprise: Attack the Instance Metadata Service by @Frichetten in #107
Full Changelog: v2.0.0...v2.1.1