Amazon-S3 – Page 6 – WindowsTechs.com

Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets

Posted on July 11, 2019 by Swati Khandelwal

Magecart strikes again!

Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings.

Since Magecart… Continue reading Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets→

Slurp – Amazon AWS S3 Bucket Enumerator

Posted on July 1, 2019 by Darknet

Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan from an external perspective or an AWS API to scan internally.

There are two modes that this tool operates at; blackbox and whitebox mode. Whitebo… Continue reading Slurp – Amazon AWS S3 Bucket Enumerator→

Fortune 100 passwords, email archives, and corporate secrets left exposed on unsecured Amazon S3 servers

Posted on June 28, 2019 by Graham Cluley

Some of the world’s biggest companies have had 750GB worth of their innermost secrets revealed on unsecured Amazon S3 buckets, available for anybody to download – no password required.
Read more in my article on the Hot for Security blog.
Continue reading Fortune 100 passwords, email archives, and corporate secrets left exposed on unsecured Amazon S3 servers→

Storing user’s private files on S3 and securing access using signed URLs – good idea?

Posted on June 22, 2019 by ssobczak

I will be storing private user’s files on S3. The files will be PDFs, possibly containing private financial information.

I’m considering letting users directly access the files on S3, without proxying all the traffic throug… Continue reading Storing user’s private files on S3 and securing access using signed URLs – good idea?→

AWS S3 resource access control through IAM permissions or bucket policies?

Posted on June 12, 2019 by qre0ct

The way we create buckets in our org and ensure sane ACLs around it is by providing an automated tool (that internally uses Terraform) to provision an S3 bucket. So say when a user requests for a new bucket, named testBucket we create a bu… Continue reading AWS S3 resource access control through IAM permissions or bucket policies?→

2.3B Files Exposed in a Year: A New Record for Misconfigs

Posted on May 30, 2019 by Tara Seals

Amazon S3 cloud bucket misconfigurations however have dropped dramatically. Continue reading 2.3B Files Exposed in a Year: A New Record for Misconfigs→

How to disclose an open S3 bucket?

Posted on April 22, 2019 by octothorpe_not_hashtag

What is the most responsible way of disclosing an open AWS S3 bucket?

Let’s say there are sensitive documents inside, such as contracts with the company logo, that lead you to believe that it belongs to a specific company. … Continue reading How to disclose an open S3 bucket?→

App Developers Left 540 Million Facebook Users’ Records on the Public Internet

Posted on April 3, 2019 by Joseph Cox

The exposures didn’t come from Facebook itself, but do show how data generated by one company can end up exposed thanks to another service. Continue reading App Developers Left 540 Million Facebook Users’ Records on the Public Internet→

How does s3 bucket take over works?

Posted on February 25, 2019 by Utkarsh Agrawal

I have seen in many articles about if you have received a 404 error with Code: NoSuchBucket then it will be vulnerable to takeover.

But when I tried to take it over then I am receiving an error i.e. Bucket already exists

Th… Continue reading How does s3 bucket take over works?→

Nmap Vulnerability NSE scripts

Posted on February 4, 2019 by john_zombie

I am running nmaps NSE vuln scans against servers for my pentest and it seems to be pulling in inaccurate results with services that we don’t have on those servers. Is this a known issue when using those NSE scripts? How acc… Continue reading Nmap Vulnerability NSE scripts→