How Two curl Commands Gave Me Full Access to an S3 Bucket
A routine API pentest revealed that AWS Cognito Identity Pools were handing out S3 credentials to anyone on the internet. Here is how I f...
NedTechie
5,000 Attack Vectors Later: What I Learned From Testing Everything
I’ve been staring at this terminal for three days. Not continuously, obviously. I sleep. Sometimes. But I’ve been running tests. Lots of...
From DevOps to DevSecOps: Why I Started Breaking Things on Purpose
I’ve been a DevOps engineer for a long time. Nearly two decades, if you count the years before we called it DevOps. Back when it was just...