Sep 3 · Installing and Solving Kubegoat in Kubernetes cluster running on VMs
Welcome to this blog post on “Installing Kubegoat in a Kubernetes cluster running on VMs.” In this post, we will walk through the steps of installing Kubegoat, a tool designed to simulate real-world Kubernetes cluster misconfigurations and vulnerabilities, in a Kubernetes cluster running on virtual machines. In addition to installing…
Kubernetes · 3 min read

Aug 16 · Deploying Kubernetes Cluster
While using a managed Kubernetes service like EKS or GKE provides simplicity, understanding how to manually build a Kubernetes cluster from scratch is valuable for really comprehending how Kubernetes works under the hood. …
Kubernetes · 10 min read

Jun 27 · bigiamchallenge AWS IAM Challenges
Welcome to my blog! In this post, I’ll be sharing my solutions to the challenges presented by bigiamchallenge.com. The Big IAM Challenge is an online CTF (Capture the Flag) event that tests participants’ knowledge of AWS IAM (Identity and Access Management). The challenge consists of six objectives that highlight common…
AWS · 7 min read

Jun 10 · flaws2.cloud (Level 2)
Level 2 (http://level2-g9785tw8478k4awxtbox9kk3c5ka8iiz.flaws2.cloud/) a) We start with a web application running inside a container @ http://container.target.flaws2.cloud/ which requires us to authenticate with a username and password which we don’t possess. We have been provided an ECR (Elastic Container Registry) name: level2. b) Listing out images in the registry with our creds…
AWS · 3 min read

May 9 · flaws2.cloud (Level 1)
Level 1 (http://level1.flaws2.cloud/) a) We are provided with a form that accepts digits only. Upon checking, we came to know that validation is being performed only on the client side using JavaScript. This can be verified by viewing the HTML source of the page. The method validateForm() is performing this validation. b) We can…
AWS · 3 min read

Feb 15 · AWSGoat (ine) AWS CTF solution Module 2
Overview/Agenda - Exploiting SQLi for login bypass - Finding and abusing file upload functionality to upload a web shell - Getting a reverse shell using a python3 payload and listening using pwncat - Finding DB creds in a config file - Finding out that we are in a container - Enumerating the container using linpeas - Finding out processes of…
AWS · 10 min read

Jan 31 · Creating a PDF merger Web Application using ChatGPT AI
Hi readers, recently I was filling up an online form and it was required to merge, upload and submit documents in PDF format. Usually, I tend to use free online tools for merging PDFs (like ilovepdf, etc.). But this time the files which I was uploading contained PII and financial information…
Artificial Intelligence · 3 min read

Jan 8 · Persistence ways (The adversary is trying to maintain their foothold)
Gaining continued access to a computer system or network that has been compromised is known as persistence. It requires bypassing security measures and re-configuring systems so that access is maintained even after users log out or reboot the system. …
Persistence · 6 min read

Dec 30, 2022 · GCPGoat (ine) GCP CTF solution Module 1 - Path 1 (abusing storage bucket permissions, privesc to role/owner)
Hi readers, here we will be solving the GCPGoat module 1 (Path 1). We will be going through the first path in this walk-through as shown in the diagram below. Video Walk-through: https://www.youtube.com/watch?v=cM46_c-zxh4 Solving Challenge - Finding storage buckets being used by web app - a. In the previous path (https://www.youtube.com/watch?v=dtLg4Z8bHNk&t=498s), we found a GCP…
Cloud Security · 7 min read

Dec 25, 2022 · GCPGoat (ine) GCP CTF solution Module 1 - Path 2 (SSRF, source code review, privilege escalation)
Hi readers, here we will be deploying and solving the GCPGoat module 1 challenge. We will be going through the second path in this walkthrough, as shown in the diagram below. Video Walkthrough: https://www.youtube.com/watch?v=fyCtrM3eCd8 https://www.youtube.com/watch?v=dtLg4Z8bHNk Prerequisites - a. Admin access in the GCP account (you can create a new free tier account) b…
Cloud Security · 5 min read