id
type
5 (blog/news article)
status
21 (imported old-v2, waiting for another import)
review version
1
cleanup version
0
pending deletion
0 (-)
created at
2026-01-19 19:31:04
updated at
2026-01-19 19:31:04
url
https://appsecco.com/blog/hacker-days-understanding-aws-cloud-attacks-using-cloudgoat-owasp-bay-area
url length
100
url crc
62135
url crc32
808645303
location type
1 (url matches target location, page_location is empty)
canonical status
2 (missing canonical tag in html)
canonical page id
-
domain id
domain tld
2211
domain parts
2
originating warc id
6575986
originating url
source type
11 (CommonCrawl)
server ip
Publication date
2025-07-15 22:28:51
Fetch attempts
0
Original html size
26337
Normalized and saved size
23201
title
Hacker Days: Understanding AWS cloud attacks using CloudGoat
excerpt
content
We did an hour-long webinar for the OWASP Bay Area Meetup group where I spoke about AWS attacks. As part of the online webinar, I demonstrated attack scenarios for AWS across different services. The slides and video recording from the online seminar, along with Questions & Answers, are presented in this blog post. Questions & Answers: How is the permission enumeration done after a get-caller-identity call? Once the identity of the user is known, the next logical step for an attacker is to identify what privileges they have. In the case of AWS, there are tools like enumerate-iam that can be used to brute force different List and Get APIs and identify which succeed. For more comprehensive results, all Write permissions (Set, Delete, Modify etc.) will also need to be tested, which can disrupt the target AWS environment. It’s not a sure-shot way, but it gives you an idea of what services the user has access to. The only way (without being destructive) to get a complete permission ...
author
updated
1769346426
block type
0
extracted fields
105
extracted bits
featured image
title
full content
content was extracted heuristically
detected location
0
detected language
1 (English)
category id
-
index version
1
paywall score
0
spam phrases
0
text nonlatin
0
text cyrillic
0
text characters
6317
text words
1255
text unique words
508
text lines
1
text sentences
32
text paragraphs
1
text words per sentence
39
text matched phrases
0
text matched dictionaries
0
links self subdomains
0
links other subdomains
8
links other domains
1
links spam adult
0
links spam random
0
links spam expired
0
links ext activities
0
links ext ecommerce
1
links ext finance
0
links ext crypto
0
links ext booking
0
links ext news
0
links ext leaks
0
links ext ugc
16
links ext klim
0
links ext generic
0
image author