avishayil / caponeme
Repository demonstrating the Capital One breach on your AWS account
License: MIT License
Hi,
Under mitigation 1: I was doing this mock using my Windows laptop and used an internet browser to access the vulnerable app. Is this what "Now switch to the "hacked" shell" is referring to? Could/should it say "Now using your browser"?
Also, "Now switch to the "hacked" shell and try to run the vunlerable web application. What happens?" -> vulnerable is misspelled.
Regards, Matt
Hi, I've just tried running the CloudFormation template. It got stuck on SSRFInstance creation for 20 minutes before telling me "In order to use this AWS Marketplace product you need to accept terms and subscribe. To do so please visit https://aws.amazon.com/marketplace/pp?sku=c1jifmii8vw5xd0npsnf9eza9"
Could you please include these steps:
- awscli installed on your terminal.
- us-east-1 (North Virginia) region on the AWS Console.
Thanks, Matt
Hi,
Just a very minor point, but you may wish to amend the second bullet point so that it doesn't include the IAM role name from your scenario (i.e. make it clear to user where to insert their IAM role name into the URL) such as:
Regards, Matt
Hi, when I first loaded the web URL using Firefox it loaded a webpage with 4 buttons and references to Bitnami. It wasn't the "Server Side Request Forgery" page. I discovered what the page should be when I opened it in Chrome. Since doing this, it has now loaded correctly in Firefox.
It had left me puzzled as to how to complete the rest of the exercise because the "Submit Query" form wasn't showing. I wonder if it's worth including a screenshot of the page the user should expect to see in the README. Something like:
I get "You are not authorized to perform this operation. Encoded authorization failure message" when trying to delete the stack and EC2; I suspect it might be related to the AMI?
Hi, you have a typo in the readme:
"allows AWS credentials being compormised" -> (compromised)
Hi, could you please update the README, in the "Discovering the contents of the S3 Bucket" section:

```bash
export AWS_ACCESS_KEY_ID="<access_key_id>"
export AWS_SECRET_ACCESS_KEY="<secret_access_key>"
export AWS_SESSION_TOKEN="<session_token>"
```

```bat
set AWS_ACCESS_KEY_ID=<access_key_id>
set AWS_SECRET_ACCESS_KEY=<secret_access_key>
set AWS_SESSION_TOKEN=<session_token>
```

(Note: Do not include quotes when setting Windows env variables.)
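Going from the JSON that the instance metadata endpoint hands back to those export/set lines is where people in this exercise slip: the JSON field is called Token while the CLI variable is AWS_SESSION_TOKEN, the role credentials expire after a few hours, and cmd.exe keeps quote characters as part of the value. The script below is an added example, not code from the caponeme repository or its README; the sample IMDS response is constructed with placeholder key material and the function names are my own.

```python
"""Turn the JSON that the EC2 instance metadata service returns for
http://169.254.169.254/latest/meta-data/iam/security-credentials/<role-name>
into the export/set lines the README has you paste into a shell.

Added example, not code from the caponeme repository. The sample response
below is constructed with placeholder values; the function names are my own."""
from __future__ import annotations

import json
from datetime import datetime, timezone

# Constructed sample in the shape IMDS returns (fake key material).
SAMPLE_IMDS_JSON = """{
  "Code" : "Success",
  "LastUpdated" : "2019-08-01T12:00:00Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "ASIAEXAMPLEEXAMPLE",
  "SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  "Token" : "FwoGZXIvYXdzEXAMPLE//////////SESSION+TOKEN==",
  "Expiration" : "2019-08-01T18:00:00Z"
}"""

# IMDS field -> environment variable the AWS CLI reads. The one that trips
# people up: the JSON calls it "Token", the CLI wants AWS_SESSION_TOKEN.
FIELD_TO_ENV = {
    "AccessKeyId": "AWS_ACCESS_KEY_ID",
    "SecretAccessKey": "AWS_SECRET_ACCESS_KEY",
    "Token": "AWS_SESSION_TOKEN",
}

IMDS_TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_imds_credentials(body: str) -> dict[str, str]:
    """Validate an IMDS security-credentials response and pull out what we need.

    Raises ValueError if IMDS did not hand out credentials (Code != Success)
    or one of the three credential fields is absent."""
    doc = json.loads(body)
    if doc.get("Code") != "Success":
        raise ValueError(f"IMDS did not return credentials: Code={doc.get('Code')!r}")
    missing = [field for field in FIELD_TO_ENV if not doc.get(field)]
    if missing:
        raise ValueError(f"IMDS response is missing {missing}")
    creds = {field: doc[field] for field in FIELD_TO_ENV}
    creds["Expiration"] = doc.get("Expiration", "")
    return creds


def is_expired(creds: dict[str, str], now_iso: str | None = None) -> bool:
    """Role credentials from IMDS are temporary (hours). Check before using them.

    now_iso lets the caller pin the clock (same format as the Expiration
    field); by default the current UTC time is used."""
    expires = datetime.strptime(creds["Expiration"], IMDS_TIME_FORMAT).replace(tzinfo=timezone.utc)
    if now_iso is None:
        now = datetime.now(timezone.utc)
    else:
        now = datetime.strptime(now_iso, IMDS_TIME_FORMAT).replace(tzinfo=timezone.utc)
    return now >= expires


def env_lines(creds: dict[str, str], shell: str) -> list[str]:
    """Render the three assignments for sh/bash ("bash") or cmd.exe ("cmd").

    cmd.exe keeps quote characters as part of the value, so the Windows lines
    are unquoted, exactly the pitfall the README note warns about. The bash
    lines are double-quoted as in the README."""
    if shell not in ("bash", "cmd"):
        raise ValueError(f"unsupported shell {shell!r}")
    lines = []
    for field, var in FIELD_TO_ENV.items():
        value = creds[field]
        lines.append(f'export {var}="{value}"' if shell == "bash" else f"set {var}={value}")
    return lines


if __name__ == "__main__":
    creds = parse_imds_credentials(SAMPLE_IMDS_JSON)
    print(f"# credentials expire {creds['Expiration']} (expired now: {is_expired(creds)})")
    print("\n".join(env_lines(creds, "bash")))
    print()
    print("\n".join(env_lines(creds, "cmd")))
```

Feed it the body you pulled through the SSRF endpoint instead of the constructed sample; if is_expired reports True, fetch the credentials again rather than chasing "not authorized" errors from the CLI.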