
Understanding the Integration Between KMS and Secrets Manager on AWS

By: Noga Yam Amitai
Mar 8, 2023

Key Management Service (KMS) and Secrets Manager are easy to mix up, not only because of the similarity in their names but also because the purpose of each one is easy to confuse. At a high level, KMS is a service that lets users manage cryptographic keys for encryption, decryption, signing, and additional operations. We recommend that you read our technical blog on KMS to dive more…


AWS ECR Public Vulnerability

By: Gafnit Amiga
Dec 13, 2022

Executive Summary: I discovered a critical AWS Elastic Container Registry Public (ECR Public) vulnerability that allowed external actors to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS Accounts, by abusing undocumented internal ECR Public API actions. Prior to mitigation, this vulnerability could have potentially led to denial of service, data exfiltration, lateral movement, privilege…


How many of your GCP buckets are publicly accessible? It might be more than you think…

By: Noga Yam Amitai
May 12, 2022

Google Cloud Storage is Google’s storage service for storing and retrieving data with high reliability, performance, and availability. Storage services tend to be a weak point in terms of security for many companies and organizations, as they often contain sensitive information but are hard to configure correctly. Here you can find a thorough examination of Google Cloud Platform’s (GCP) storage service, how to access buckets,…
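The public-bucket check this post is about, as an added example that is not code from the original post: the script below scans a bucket's IAM policy, and its legacy ACL when uniform bucket-level access is off, for the `allUsers` and `allAuthenticatedUsers` pseudo-principals. The sample policy and ACL documents are constructed to mirror the JSON shape returned by `gcloud storage buckets get-iam-policy --format=json` and `gsutil acl get`; the bucket, user, group and project names are hypothetical and nothing is fetched from GCP.

```python
"""Check a GCS bucket for public grants (added example, constructed data)."""
from __future__ import annotations

# Both pseudo-principals expose the bucket beyond your project:
# allUsers = anyone on the internet, allAuthenticatedUsers = any Google account.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}


def public_iam_grants(policy: dict) -> list[dict]:
    """One finding per (role, public principal) pair in the bucket IAM policy."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append({
                    "source": "iam",
                    "role": binding.get("role", ""),
                    "principal": member,
                    # A conditional binding grants only while its CEL
                    # expression holds; report it so the condition is reviewed.
                    "conditional": "condition" in binding,
                })
    return findings


def public_acl_grants(acl: list[dict]) -> list[dict]:
    """One finding per legacy ACL entry that grants to a public entity."""
    return [
        {"source": "acl", "role": entry.get("role", ""),
         "principal": entry["entity"], "conditional": False}
        for entry in acl
        if entry.get("entity") in PUBLIC_PRINCIPALS
    ]


def bucket_public_exposure(policy: dict, acl: list[dict] | None = None,
                           uniform_bucket_level_access: bool = True) -> list[dict]:
    """Combine both grant mechanisms for one bucket.

    With uniform bucket-level access enabled, GCS ignores ACLs, so they are
    not evaluated; with it disabled, a public ACL entry exposes objects even
    when the IAM policy is clean.
    """
    findings = public_iam_grants(policy)
    if not uniform_bucket_level_access and acl:
        findings += public_acl_grants(acl)
    return findings


# --- constructed sample inputs (hypothetical buckets) -----------------------
PUBLIC_VIA_IAM = {
    "bindings": [
        {"role": "roles/storage.admin", "members": ["user:alice@example.com"]},
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
    ],
    "etag": "CAE=",
}

ACL_ONLY_POLICY = {
    "bindings": [{"role": "roles/storage.admin",
                  "members": ["group:ops@example.com"]}],
}
ACL_ONLY_ACL = [
    {"entity": "project-owners-123456", "role": "OWNER"},
    {"entity": "allAuthenticatedUsers", "role": "READER"},
]

PRIVATE = {
    "bindings": [{"role": "roles/storage.objectViewer",
                  "members": ["serviceAccount:app@example-proj.iam.gserviceaccount.com"]}],
}

if __name__ == "__main__":
    for name, args in {
        "public-via-iam": (PUBLIC_VIA_IAM, None, True),
        "public-via-acl": (ACL_ONLY_POLICY, ACL_ONLY_ACL, False),
        "private": (PRIVATE, None, True),
    }.items():
        print(name, bucket_public_exposure(*args))
```

The second sample is the case that is easy to miss: its IAM policy is clean, so a scanner that only reads `get-iam-policy` reports nothing, yet with uniform bucket-level access disabled the `allAuthenticatedUsers` ACL entry still makes every object readable to any Google account.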


AWS RDS Vulnerability Leads to AWS Internal Service Credentials

By: Gafnit Amiga
Apr 11, 2022

TL;DR: Panoptica's research team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance through the log_fdw extension. The internal AWS service was connected to an AWS-internal account related to the RDS service. The vulnerability was reported to the AWS Security team, who promptly applied an initial patch limited only to the recent RDS and…


Why you need to update your risky default EMR managed roles and policies

By: Dana Tsymberg
Jan 27, 2022

Amazon EMR is a managed cluster platform that simplifies running big data frameworks such as Apache Hadoop and Apache Spark. EMR allows a cluster to be launched in just a few minutes without worrying about node provisioning, resizing, scaling, or replacing poorly functioning instances; EMR does it all for us. In this blog we will examine EMR's default roles and managed policies…


AWS SageMaker Jupyter Notebook Instance Takeover

By: Gafnit Amiga
Dec 2, 2021

During our research on security in data science tools we decided to look at Amazon SageMaker, a fully managed machine learning service in AWS. Here is the long and short of our recent discovery. TL;DR: We found that an attacker can run any code on a victim's SageMaker JupyterLab Notebook Instance across accounts. This means that an attacker can access the Notebook Instance metadata…


S3 Bucket Security Issues Part 2: The Risks of Misconfigured S3 Buckets and What You Can Do About Them

By: Noga Yam Amitai
Jun 2, 2021

In the first part of this series, we provided an overview of AWS's cloud storage service, S3. We discussed the three components of an S3 object (the content, the identifier, and the metadata), as well as how access to objects within a bucket is determined by AWS's policy evaluation, including the risks involved. If you missed part one, you can check it out here. In the second…


What Is S3 Bucket and How to Access It (Part 1)

By: Noga Yam Amitai
May 12, 2021

S3 bucket misconfigurations account for 16% of all cloud security breaches. While some of this can be chalked up to inexperience or human error, that's not the only problem going on behind the scenes. This two-part series will look in depth at what an S3 bucket is, how AWS handles access rights and permissions, and a new Panoptica Python tool that will provide some visibility and…
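The access-evaluation theme of part one and the misconfiguration theme of part two, as one added example that is not the series' own Python tool: the script below reads an S3 bucket policy document and reports every `Allow` statement whose principal is `"*"` or `{"AWS": "*"}`, noting whether a `Condition` narrows it, and then applies the bucket's Block Public Access setting. The three sample policies are constructed (hypothetical bucket names, the documentation account ID 123456789012); nothing is fetched from AWS.

```python
"""Flag S3 bucket-policy statements that grant to anyone (added example)."""
from __future__ import annotations

import json


def _as_list(value) -> list:
    """Policy JSON allows a bare string wherever a list is expected; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal) -> bool:
    """True for "*" or {"AWS": "*"}: both mean every AWS account and anonymous."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_statements(policy_json: str) -> list[dict]:
    """Allow statements with a wildcard principal, with or without a Condition."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        # Deny statements with Principal "*" are a hardening pattern, not a risk.
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anyone(stmt.get("Principal")):
            continue
        findings.append({
            "sid": stmt.get("Sid", f"Statement[{index}]"),
            "actions": _as_list(stmt.get("Action")),
            "resources": _as_list(stmt.get("Resource")),
            # A Condition (e.g. on aws:SourceIp) narrows who "anyone" really
            # is; it still deserves review, so it is reported, not hidden.
            "unconditional": "Condition" not in stmt,
        })
    return findings


def reachable_public_statements(policy_json: str,
                                block_public_access: dict) -> list[dict]:
    """Apply the bucket's Block Public Access configuration.

    RestrictPublicBuckets makes S3 ignore the public grants in an existing
    policy (only the bucket owner and AWS services keep access), so a policy
    that is public on paper is not reachable anonymously while it is on.
    """
    if block_public_access.get("RestrictPublicBuckets"):
        return []
    return public_statements(policy_json)


# --- constructed sample policies ---------------------------------------------
PUBLIC_READ = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-static-site/*",
    }],
})

IP_RESTRICTED = json.dumps({
    "Version": "2012-10-17",
    "Statement": {  # a single statement may be written as an object, not a list
        "Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-office-share",
                     "arn:aws:s3:::example-office-share/*"],
        "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
    },
})

PRIVATE = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AppRole", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/app"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-private/*"},
        {"Sid": "TLSOnly", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": ["arn:aws:s3:::example-private",
                      "arn:aws:s3:::example-private/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})

if __name__ == "__main__":
    for name, doc in [("public-read", PUBLIC_READ),
                      ("ip-restricted", IP_RESTRICTED), ("private", PRIVATE)]:
        print(name, public_statements(doc))
```

Two details matter in practice: `Statement` and `Principal` may be a single object or a string rather than a list, which is why the normalisation helpers exist, and a `Deny` with `Principal "*"` (the TLS-only pattern in the private sample) must not be mistaken for a public grant.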