re: Exploiting Common Serverless Security Flaws in AWS VIEW POST


Excellent, thanks Chris!

Taking this stuff back to the office next week as follow up on our pen testing that has been ongoing for a new AWS platform.. I'm gonna bet we've made at least one of these errors!


Thanks, Phil - hope it helps!

If you're interested, I wrote a piece on using Pacu (an AWS exploitation framework) from RhinoSecurityLabs - might give you some ideas for testing your new platform. I'll pop it on here at some point, but at the moment it's on my personal blog -

code of conduct - report abuse