[cs615asa] Red Team Mission
Elliot Wasem
ewasem at stevens.edu
Sun Apr 12 17:03:07 EDT 2020
The red team would like to present the following article:
https://blog.cloudsploit.com/a-technical-analysis-of-the-capital-one-hack-a9b43d7c8aea (https://link.getmailspring.com/link/D367108F-FC80-4B11-BB87-143BCA88951B@getmailspring.com/0?redirect=https%3A%2F%2Fblog.cloudsploit.com%2Fa-technical-analysis-of-the-capital-one-hack-a9b43d7c8aea&recipient=Y3M2MTVhc2FAbGlzdHMuc3RldmVucy5lZHU%3D)
Within is described another attack that sounds familiar:
> the misconfiguration of cloud infrastructure resources allowed an unauthorized
> user to elevate her privileges and compromise sensitive documents.
This attack was an attack against capital one that took advantage of some security
flaws due to faulty configurations when communicating with a server that had
privileges it should not have had. While no full account could be released, it was
deduced that it was likely as a result of a wildcard used on permissions just to
get it to work.
Elliot Wasem
https://elliotwasem.xyz (https://link.getmailspring.com/link/D367108F-FC80-4B11-BB87-143BCA88951B@getmailspring.com/1?redirect=https%3A%2F%2Felliotwasem.xyz&recipient=Y3M2MTVhc2FAbGlzdHMuc3RldmVucy5lZHU%3D)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.stevens.edu/pipermail/cs615asa/attachments/20200412/d7ca3a4a/attachment.html>
More information about the cs615asa
mailing list