In this short article, we’ll cover the basics surrounding AWS architecture. I decided to create this overview after performing a penetration test on a serverless web application and hope it proves useful as a quick crash course in AWS serverless architecture.
A serverless application is often composed of many microservices. What are microservices? A microservice is an independent, modular service that is deployable on its own. This means that each service does one job within a domain, and only that job.
An example of a microservice could be an authentication service. The authentication…
Automated tools such as gitrob (michenriksen) or GitGot (BishopFox) are great for quickly scanning a target’s GitHub environment for potentially hidden sensitive information. However, these automated tools used to discover secrets in GitHub are far from perfect.
Oftentimes, sensitive secrets stored in a target’s GitHub environment are overlooked and thus not reported in the tool output due to the limitations of automated scanning (regex, entropy searches, etc.). On the flip side, automated tools can output too much information, making it difficult to discern true secrets from a sea of false positives.
Amateur bug bounty hunter, tool developer, and offensive security researcher.