IMDSv2 enforcement: coming to a region near you! - Christophe Tafani-Dereeper
On March 25, AWS released a new feature that helps enforcing IMDSv2 at the region level by default for newly-launched instances.| Christophe Tafani-Dereeper
On March 25, AWS released a new feature that helps enforcing IMDSv2 at the region level by default for newly-launched instances.| Christophe Tafani-Dereeper
I’m a huge fan of disposable security labs, both for offensive and defensive purposes (see: Automating the provisioning of Active Directory labs in Azure). After writing Cloud Security Breaches and Vulnerabilities: 2021 in Review, I wanted to build a “purposely vulnerable AWS lab” with a typical attack path including static, long-lived credentials and with a supply-chain security element. CloudGoat: Vulnerable AWS Environments CloudGoat is an open-source project containing a library of ...| Christophe Tafani-Dereeper
