
Migrating a static Hugo blog to AWS Amplify

This is a cross-post from Catawiki's blog.

Fond of Cloud, Open Source and new technologies, Aristide leads the implementation of security controls on Catawiki's auction platform. In this publication he describes the historical technical considerations that applied to his personal website architecture, built on AWS from its creation in 2016 to today.

Blog's Origins

Back in 2016, I used to work as a Django developer, and as such, after starting to work on AWS, I decided to host a personal website as a Django blog on AWS Elastic Beanstalk.…


AWS Cloud metadata service abuse

A few weeks ago, I presented an internal meetup to the pentesters of my company on how they could take advantage of weak or poorly configured IaaS metadata services. The end of the presentation was backed by an interactive CTF-like workshop that I had set up based on the work of Avishay Bar from CyberArk. While some suggestions from the workshop have been merged into master, the complete lab is available in the forked version of the original repository on my GitHub account.…


Integrate ServiceNow with your AWS Cloud!

Now that I'm on vacation, I wanted to introduce you to a project I spent a couple of weeks on a few months ago, around ServiceNow. I had already dived into the ServiceNow API once before, while I was working at the governance of a SOC service. There I tried to integrate ServiceNow into our processes using Google Script to enhance the service workflow throughput¹. Sadly I wasn't able to go much farther, as the IT accountability department refused to give me the required credentials.…


Penetration testing on AWS


Contrary to the general assumption, among companies with a long compliance history in their field, top executives are often the most eager to migrate their on-premise infrastructure to the public cloud, expecting¹ drastic operational cost savings. The opposition more often comes from the IT operations and security staff, who fear a loss of control over their data that goes along with the loss of control over the underlying infrastructure (they miss network and security appliances, hypervisors and sometimes even racks and wires 😏).…
