Cloudgoat rce_web_app scenario

Introduction: CloudGoat is a training and learning platform developed by Rhino Security Labs to help individuals and organizations understand the risks and vulnerabilities associated with cloud-based applications. One of the scenarios available on CloudGoat is the RCE_web_app scenario, which allows users to practice exploiting remote code execution vulnerabilities in a web application running on the cloud. In this blog post, we will walk through the RCE_web_app scenario in CloudGoat and provide a step-by-step guide on how to exploit the vulnerability and gain access to the application’s backend. We will also discuss the significance of this vulnerability and how it can be prevented in real-world scenarios. By the end of this post, you should have a better understanding of the risks and challenges associated with web application security in the cloud and how to mitigate them. So, let’s get started! ...

January 10, 2023 · 3 min · 443 words · Jesus Lujan

Vulnerability Management with Nessus in AWS

Introduction: In this tutorial we will cover vulnerability scanning and vulnerability remediation. These are two of the main steps in the Vulnerability Management Lifecycle. We will be using Nessus Essentials to scan local VMs hosted on VMware Workstation, running credentialed scans to discover vulnerabilities and then remediating some of them. EC2 Instance Setup: The first step is to launch an EC2 instance. The recommended requirements are: Windows OS; basic: t3 medium; recommended: t3 xlarge. Decrypt your password and use it to log in to your EC2 instance over an RDP session ...

January 20, 2022 · 3 min · 432 words · Jesus Lujan

Cloud Resume Challenge

Setup AWS: Create your AWS account. Set up MFA for your root account. Create an IAM user. Assign permissions (principle of least privilege). Set up Vault (https://github.com/99designs/aws-vault): aws-vault add myuser (ex: aws-vault add dev), then aws-vault exec myuser -- aws s3 ls. Setup S3: What is S3: a file service useful for storing files, usually for hosting a website. What is AWS SAM: Serverless Application Model; we will create an AWS Lambda (we ignore this for now) ...

January 10, 2022 · 2 min · 298 words · Jesus Lujan