Sns on security ?!https://adicpnn.com/tags/sns/Recent content in Sns on security ?!Hugoen-usThu, 12 Mar 2026 00:00:00 +0000Cloudfoxable - The topic is executionhttps://adicpnn.com/blog/cloudfoxable/execution/Thu, 12 Mar 2026 00:00:00 +0000https://adicpnn.com/blog/cloudfoxable/execution/<!-- raw HTML omitted --> <p>You&rsquo;ve just gained access to the role viniciusjr. At first glance, this role appears to only have some SNS read-only access? But I don&rsquo;t think that&rsquo;s accurate. See if you can get to the flag /cloudfoxable/flag/executioner in the SSM parameter store.</p> <!-- raw HTML omitted --> <h3 id="information-gathering">Information Gathering</h3> <p>First things first, set up the profile, and test access.</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl">adicpnn@laboratory cloud % cat ~/.aws/config <span class="p">|</span> tail </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl"><span class="o">[</span>profile vini<span class="o">]</span> </span></span><span class="line"><span class="cl"><span class="nv">region</span> <span class="o">=</span> eu-central-1 </span></span><span class="line"><span class="cl"><span class="nv">role_arn</span> <span class="o">=</span> arn:aws:iam::129323993607:role/viniciusjr </span></span><span class="line"><span class="cl"><span class="nv">source_profile</span> <span class="o">=</span> cloudfoxable </span></span><span class="line"><span class="cl"> </span></span><span class="line"><span class="cl">adicpnn@laboratory cloud % aws sts get-caller-identity --profile vini </span></span><span class="line"><span class="cl"><span class="o">{</span> </span></span><span class="line"><span class="cl"> <span class="s2">&#34;UserId&#34;</span>: <span class="s2">&#34;AROAR4HCPRIDXMLFGL22G:botocore-session-1773327029&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Account&#34;</span>: <span class="s2">&#34;129323993607&#34;</span>, </span></span><span class="line"><span class="cl"> <span class="s2">&#34;Arn&#34;</span>: <span class="s2">&#34;arn:aws:sts::129323993607:assumed-role/viniciusjr/botocore-session-1773327029&#34;</span> </span></span><span class="line"><span class="cl"><span class="o">}</span> </span></span></code></pre></td></tr></table> </div> </div><p>Then, enumerating attached policies.</p>Cloudfoxable - The topic is exposurehttps://adicpnn.com/blog/cloudfoxable/exposure/Thu, 12 Mar 2026 00:00:00 +0000https://adicpnn.com/blog/cloudfoxable/exposure/<!-- raw HTML omitted --> <p>What does it mean when we say something is &ldquo;public&rdquo; in the cloud? Do you need an IP address to be public? What if a resource is accessible to anyone in the world, provided they have an AWS account (any AWS account). That seems close enough to public to scare me!</p> <p>Note: FWIW, there is a policy on the resource in question that will only allow you to exploit it from your IP address to prevent misuse)</p>