Vulnerable Application wrapper for AWS Lambda

Posted on Thu 21 December 2017 in Pentesting • Tagged with AWS, AWS Lambda Vulnerable Application, Pentesting AWS Lambda, AWS Lambda

AWS lambda is a serverless platform for deploying your applications.It makes use of the use and throw functionality, where it creates a sandbox and then destroys it once it is done.


Continue reading

Exploiting JMX deployments through DumpHeap for Remote Code Execution

Posted on Mon 31 July 2017 in Pentesting • Tagged with JMX, JMX Security, Pentesting JMX, JMX Dumpheap

I came across a common component the JAVA JMX console being enabled across different instances, some them would be Hadoop components, Apache Zookeeper, Cassandra.This made me look deeper into some of the functionality.


Continue reading