Damn Vulnerable GraphQL Application

GraphQL has been a technology I’ve been focusing a lot on in my day job. GraphQL is a query language made by Facebook, and can be an alternative to REST. I have spent quite some time researching how to defend GraphQL properly. My journey into researching GraphQL included searching for a Damn Vulnerable version of …

Hunting for Sensitive Data in Public Amazon Images (AMI)

A while back, I watched a 2019 DEFCON talk by Ben Morris on exposed EBS volumes on AWS. EBS volumes are attachable block storage devices, essentially virtual disks. Here is the short problem statement the talk discusses (watch it if you haven’t, it’s …